🔧[maykinmedia/open-api-framework#68] fix CSP errors

docs/installation/config.rst

@@ -17,7 +17,7 @@ Available environment variables
 Required
 --------
 
-* ``SECRET_KEY``: Secret key that's used for certain cryptographic utilities. You should generate one via `miniwebtool <https://www.miniwebtool.com/django-secret-key-generator>`_.
+* ``SECRET_KEY``: Secret key that's used for certain cryptographic utilities. .
 * ``ALLOWED_HOSTS``: a comma separated (without spaces!) list of domains that serve the installation. Used to protect against Host header attacks. Defaults to: ``(empty string)``.
 * ``CACHE_DEFAULT``: redis cache address for the default cache (this **MUST** be set when using Docker). Defaults to: ``localhost:6379/0``.
 * ``CACHE_AXES``: redis cache address for the brute force login protection cache (this **MUST** be set when using Docker). Defaults to: ``localhost:6379/0``.
@@ -80,7 +80,7 @@ Optional
 * ``LOG_LEVEL``: control the verbosity of logging output. Available values are ``CRITICAL``, ``ERROR``, ``WARNING``, ``INFO`` and ``DEBUG``. Defaults to: ``WARNING``.
 * ``LOG_QUERIES``: enable (query) logging at the database backend level. Note that you must also set ``DEBUG=1``, which should be done very sparingly!. Defaults to: ``False``.
 * ``LOG_REQUESTS``: enable logging of the outgoing requests. Defaults to: ``False``.
-* ``SESSION_COOKIE_SAMESITE``: The value of the SameSite flag on the session cookie. This flag prevents the cookie from being sent in cross-site requests thus preventing CSRF attacks and making some methods of stealing session cookie impossible. Defaults to: ``Strict``.
+* ``SESSION_COOKIE_SAMESITE``: The value of the SameSite flag on the session cookie. This flag prevents the cookie from being sent in cross-site requests thus preventing CSRF attacks and making some methods of stealing session cookie impossible.Currently interferes with OIDC. Keep the value set at Lax if used. Defaults to: ``Lax``.
 * ``CSRF_COOKIE_SAMESITE``: The value of the SameSite flag on the CSRF cookie. This flag prevents the cookie from being sent in cross-site requests. Defaults to: ``Strict``.
 * ``ENVIRONMENT``: An identifier for the environment, displayed in the admin depending on the settings module used and included in the error monitoring (see ``SENTRY_DSN``). The default is set according to ``DJANGO_SETTINGS_MODULE``.
 * ``SUBPATH``: If hosted on a subpath, provide the value here. If you provide ``/gateway``, the component assumes its running at the base URL: ``https://somedomain/gateway/``. Defaults to an empty string. Defaults to: ``None``.

requirements/base.txt

@@ -97,6 +97,7 @@ django==4.2.15
     #   djangorestframework-inclusions
     #   drf-nested-routers
     #   drf-spectacular
+    #   drf-spectacular-sidecar
     #   drf-yasg
     #   maykin-2fa
     #   mozilla-django-oidc
@@ -177,8 +178,10 @@ djangorestframework-inclusions==1.2.0
     # via open-api-framework
 drf-nested-routers==0.94.1
     # via commonground-api-common
-drf-spectacular==0.27.2
+drf-spectacular[sidecar]==0.27.2
     # via open-api-framework
+drf-spectacular-sidecar==2024.7.1
+    # via drf-spectacular
 drf-yasg==1.21.7
     # via commonground-api-common
 ecs-logging==2.2.0
@@ -231,7 +234,7 @@ mozilla-django-oidc-db==0.19.0
     # via open-api-framework
 notifications-api-common==0.2.2
     # via commonground-api-common
-open-api-framework==0.8.0
+open-api-framework==0.8.1
     # via -r requirements/base.in
 orderedmultidict==1.0.1
     # via furl

requirements/ci.txt

@@ -174,6 +174,7 @@ django==4.2.15
     #   djangorestframework-inclusions
     #   drf-nested-routers
     #   drf-spectacular
+    #   drf-spectacular-sidecar
     #   drf-yasg
     #   maykin-2fa
     #   mozilla-django-oidc
@@ -338,11 +339,16 @@ drf-nested-routers==0.94.1
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   commonground-api-common
-drf-spectacular==0.27.2
+drf-spectacular[sidecar]==0.27.2
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   open-api-framework
+drf-spectacular-sidecar==2024.7.1
+    # via
+    #   -c requirements/base.txt
+    #   -r requirements/base.txt
+    #   drf-spectacular
 drf-yasg==1.21.7
     # via
     #   -c requirements/base.txt
@@ -493,7 +499,7 @@ notifications-api-common==0.2.2
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   commonground-api-common
-open-api-framework==0.8.0
+open-api-framework==0.8.1
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt

requirements/dev.txt

@@ -204,6 +204,7 @@ django==4.2.15
     #   djangorestframework-inclusions
     #   drf-nested-routers
     #   drf-spectacular
+    #   drf-spectacular-sidecar
     #   drf-yasg
     #   maykin-2fa
     #   mozilla-django-oidc
@@ -376,11 +377,16 @@ drf-nested-routers==0.94.1
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
     #   commonground-api-common
-drf-spectacular==0.27.2
+drf-spectacular[sidecar]==0.27.2
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
     #   open-api-framework
+drf-spectacular-sidecar==2024.7.1
+    # via
+    #   -c requirements/ci.txt
+    #   -r requirements/ci.txt
+    #   drf-spectacular
 drf-yasg==1.21.7
     # via
     #   -c requirements/ci.txt
@@ -562,7 +568,7 @@ notifications-api-common==0.2.2
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt
     #   commonground-api-common
-open-api-framework==0.8.0
+open-api-framework==0.8.1
     # via
     #   -c requirements/ci.txt
     #   -r requirements/ci.txt

src/openklant/conf/api.py

@@ -17,6 +17,7 @@
 REST_FRAMEWORK["DEFAULT_SCHEMA_CLASS"] = "openklant.components.utils.schema.AutoSchema"
 
 SPECTACULAR_SETTINGS = {
+    "REDOC_DIST": "SIDECAR",
     "SERVE_INCLUDE_SCHEMA": False,
     "CAMELIZE_NAMES": True,
     "SCHEMA_PATH_PREFIX": r"/v[0-9]+",

src/openklant/conf/base.py

@@ -47,8 +47,3 @@
 # Django-Admin-Index
 #
 ADMIN_INDEX_SHOW_REMAINING_APPS_TO_SUPERUSERS = True
-
-CSP_EXCLUDE_URL_PREFIXES = (
-    "/contactgegevens/api/v1/schema/",
-    "/klantinteracties/api/v1/schema/",
-)