studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔒️(drf) disable browsable HTML API renderer (#919)

Browse Source 
The `BrowsableAPIRenderer` generates a form to test POST/PUT/... actions
and fill the FK fields with unfiltered data. This issue has been spoted
on visio and fixed suitenumerique/meet#508
This commit is contained in:
Manuel Raynaud
2025-04-30 16:23:26 +02:00
committed by GitHub
parent 2557c6bc77
commit 7f0eb9117e
2 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -28,6 +28,7 @@ and this project adheres to
## Fixed ## Fixed
- 🐛(nginx) fix 404 when accessing a doc #866 - 🐛(nginx) fix 404 when accessing a doc #866
- 🔒️(drf) disable browsable HTML API renderer #919
## [3.1.0] - 2025-04-07 ## [3.1.0] - 2025-04-07

6
src/backend/impress/settings.py
View File

@@ -334,6 +334,12 @@ class Base(Configuration):
"rest_framework.parsers.JSONParser", "rest_framework.parsers.JSONParser",
"nested_multipart_parser.drf.DrfNestedParser", "nested_multipart_parser.drf.DrfNestedParser",
], ],
"DEFAULT_RENDERER_CLASSES": [
# 🔒️ Disable BrowsableAPIRenderer which provides forms allowing a user to
# see all the data in the database (ie a serializer with a ForeignKey field
# will generate a form with a field with all possible values of the FK).
"rest_framework.renderers.JSONRenderer",
],
"EXCEPTION_HANDLER": "core.api.exception_handler", "EXCEPTION_HANDLER": "core.api.exception_handler",
"DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination", "DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination",
"PAGE_SIZE": 20, "PAGE_SIZE": 20,