Only enable browsable API when debugging is on.

The reason for that is that the API may expose data that shouldn't be exposed, such as the list of users on the service.
2020-09-13 14:17:25 +03:00 · 2020-09-13 14:17:25 +03:00 · 00cf2d83a0
commit 00cf2d83a0
parent 3de1d48b9e
1 changed files with 1 additions and 1 deletions
--- a/django_etebase/views.py
+++ b/django_etebase/views.py
@ -91,7 +91,7 @@ def msgpack_decode(content):
 class BaseViewSet(viewsets.ModelViewSet):
    authentication_classes = tuple(app_settings.API_AUTHENTICATORS)
    permission_classes = tuple(app_settings.API_PERMISSIONS)
-    renderer_classes = [JSONRenderer, MessagePackRenderer, BrowsableAPIRenderer]
+    renderer_classes = [JSONRenderer, MessagePackRenderer] + [BrowsableAPIRenderer] if settings.DEBUG else []
    parser_classes = [JSONParser, MessagePackParser, FormParser, MultiPartParser]
    stoken_id_fields = None