🐛[#68] add CSP headers for DRF spectacular schema
Coperh committed Sep 13, 2024
1 parent 9ef90bb commit 5416f2b
Showing 2 changed files with 3 additions and 2 deletions.
3 changes: 2 additions & 1 deletion open_api_framework/conf/base.py
@@ -213,6 +213,7 @@
"vng_api_common",
"notifications_api_common",
"drf_spectacular",
"drf_spectacular_sidecar",
"rest_framework",
"django_markup",
"solo",
@@ -957,6 +958,7 @@ def init_sentry(before_send: Callable | None = None):
# ideally we'd use BASE_URI but it'd have to be lazy or cause issues
CSP_DEFAULT_SRC = [
"'self'",
"'unsafe-inline'"
] + config(
"CSP_EXTRA_DEFAULT_SRC",
default=[],
@@ -1039,5 +1041,4 @@ def init_sentry(before_send: Callable | None = None):
CSP_EXCLUDE_URL_PREFIXES = (
# ReDoc/Swagger pull in external sources, so don't enforce CSP on API endpoints/documentation.
"/api/",
"/admin/",
)
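Review bot: Putting `'unsafe-inline'` into `CSP_DEFAULT_SRC` (apparently the line added in the second hunk) relaxes every fetch directive that falls back to default-src, so unless `script-src` is set explicitly elsewhere in this settings module, inline scripts become allowed on every page the policy covers, which removes most of the policy's value against injected markup. If only the schema/documentation views need inline styles or scripts, keep the default at `"'self'"` and scope the relaxation, for example on `CSP_STYLE_SRC` alone or per view with django-csp's `csp_update` decorator, and prefer nonces or hashes over `'unsafe-inline'` for scripts. Whichever way it goes, add a comment naming what needs it, e.g. `# 'unsafe-inline' is required by <component>; revisit once it supports nonces`. The list expression continues past the hunk, so the effective value also depends on `CSP_EXTRA_DEFAULT_SRC`.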
2 changes: 1 addition & 1 deletion pyproject.toml
@@ -38,7 +38,7 @@ dependencies = [
"djangorestframework>=3.15.2",
"djangorestframework-gis>=1.0",
"django-filter>=24.2",
"drf-spectacular>=0.27.2",
"drf-spectacular[sidecar]>=0.27.2",
"django-csp>=3.8",
"djangorestframework-inclusions>=1.2.0",
"commonground-api-common>=1.12.1",