I was half-right on PR #4819. There is a _CSP_SCRIPT_INLINE to allow inline scripts, which we have enabled for the API docs. However, the FAQ suggests SpectacularSwaggerSplitView could be used to avoid the inline script.
This PR brings back allowing inline scripts, but only for silk. It switches the docs to use the alternate view.
How to test:
Load the website, change to different pages. The site continues to load.
Go to http://127.0.0.1:8000/docs. The page loads, and you can run an API call like GET /api/v1/profiles/.