🔒️(backend) disable BrowsableAPIRenderer to prevent information leakage
Remove BrowsableAPIRenderer from API options, restricting output to JSON format only. Prevents leakage of sensitive information like resource IDs and user identifiers that were previously exposed in renderer dropdown options. Issue identified in #YWH-PGM14336-4 report. These information was considered as a critical disclosure by hackers.
This commit is contained in:
lebaudantoine
committed by
aleb_the_flash
aleb_the_flash
parent
63565b38c3
commit
462c6c50e5
@@ -263,6 +263,9 @@ class Base(Configuration):
|
||||
"rest_framework.parsers.JSONParser",
|
||||
"nested_multipart_parser.drf.DrfNestedParser",
|
||||
],
|
||||
"DEFAULT_RENDERER_CLASSES": [
|
||||
"rest_framework.renderers.JSONRenderer",
|
||||
],
|
||||
"EXCEPTION_HANDLER": "core.api.exception_handler",
|
||||
"DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination",
|
||||
"PAGE_SIZE": 20,
|
||||
|
||||
Reference in New Issue
Block a user