Adding a server to nestjs swagger gives a permission error

Question

When I add new server to a nestjs DocumentBuilder .addServer('http://localhost:7071') it thows a permission error when I try to execute routes at generated swagger page.

At the browser console it thows this error:

Refused to connect to 'http://localhost:7071/api/session/signin' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

Refused to connect to 'http://localhost:7071/api/session/signin' because it violates the document's Content Security Policy.

I already enable cors at the nestjs app with no luck!

app.enableCors();

Maybe I'm missing some security policy at the DocumentBuilder? Something like .addSecurity()? If it is the case How can I add this security policy?

Answer 1

This error is caused by wrong CORS config. To fix it:

• Update swagger by adding :

.addServer('http://localhost:3000')

• Add origin in CORS config (the address you're using) :

app.enableCors({origin: 'http://localhost:3000'});