Only enable browsable API when debugging is on.

The reason for that is that the API may expose data that shouldn't be exposed,
such as the list of users on the service.
This commit is contained in:
Tom Hacohen 2020-09-13 14:17:25 +03:00
parent 3de1d48b9e
commit 00cf2d83a0

View File

@ -91,7 +91,7 @@ def msgpack_decode(content):
class BaseViewSet(viewsets.ModelViewSet):
authentication_classes = tuple(app_settings.API_AUTHENTICATORS)
permission_classes = tuple(app_settings.API_PERMISSIONS)
renderer_classes = [JSONRenderer, MessagePackRenderer, BrowsableAPIRenderer]
renderer_classes = [JSONRenderer, MessagePackRenderer] + [BrowsableAPIRenderer] if settings.DEBUG else []
parser_classes = [JSONParser, MessagePackParser, FormParser, MultiPartParser]
stoken_id_fields = None