🔖 release 0.8.1

[annashamray]

No description provided.

[stevenbal]

@annashamray @Coperh I'm trying out the CSP changes to fix the redoc schema (with Objects API). But it doesn't seem to work?

Content-Security-Policy: The page’s settings blocked a script (script-src-elem) at https://cdn.jsdelivr.net/npm/redoc@latest/bundles/redoc.standalone.js from being executed because it violates the following directive: “script-src 'self' 'unsafe-inline'”

Also it's kind of unfortunate we need 'unsafe-inline' for both script-src and style-src, because having those enabled kind of defeats the purpose of using CSP, but if there's not other way to get redoc to work, than that will have to be like that I guess

EDIT: thought this was also part of the release/0.8.1 branch (which it isn't yet), though with main it doesn't seem to work either

[Coperh]

@stevenbal Did you add the sidecar to the spectacular settings?

SPECTACULAR_SETTINGS = {
    'SWAGGER_UI_DIST': 'SIDECAR',
    'SWAGGER_UI_FAVICON_HREF': 'SIDECAR',
    'REDOC_DIST': 'SIDECAR',
    ...
}

https://drf-spectacular.readthedocs.io/en/latest/faq.html#my-swagger-ui-and-or-redoc-page-is-blank

[annashamray]

@stevenbal I agree with you about 'unsafe-inline', drf-spectacular suggest using SpectacularSwaggerSplitView as a workaround for Swagger UI, but we use redoc and I haven't seen any solution for it

[annashamray]

I see a number of issues related to csp in drf-spectacular github (I think this issue is quite promising tfranzel/drf-spectacular#1241 ) but it's unclear if they actually plan to implement it

[annashamray]

@stevenbal I've checked it with Objects API, it works for me (after you add 'REDOC_DIST': 'SIDECAR' to spectacular settings)

[stevenbal]

@annashamray ah I didn't check that, in that case all good 👍