so, i'm seeing certain kinds of content security policy headers for the swagger documentation (and not for any other routes). where is this being set ? i cannot seem to find anything related to this in swagger.clj

hmmm, i feel it's the standard header -- i have to wonder why it's not being set at localhost, though, and is when it is being deployed in production behind a different hostname