Only enable browsable API when debugging is on.
The reason for that is that the API may expose data that shouldn't be exposed, such as the list of users on the service.
This commit is contained in:
parent
3de1d48b9e
commit
00cf2d83a0
@ -91,7 +91,7 @@ def msgpack_decode(content):
|
||||
class BaseViewSet(viewsets.ModelViewSet):
|
||||
authentication_classes = tuple(app_settings.API_AUTHENTICATORS)
|
||||
permission_classes = tuple(app_settings.API_PERMISSIONS)
|
||||
renderer_classes = [JSONRenderer, MessagePackRenderer, BrowsableAPIRenderer]
|
||||
renderer_classes = [JSONRenderer, MessagePackRenderer] + [BrowsableAPIRenderer] if settings.DEBUG else []
|
||||
parser_classes = [JSONParser, MessagePackParser, FormParser, MultiPartParser]
|
||||
stoken_id_fields = None
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user