Fix Frontend Issues: CSP, Chart Height, and Logout

- Add CSP settings explicitly to local.py to ensure they are active - Implement logout API endpoint (view and url) to fix 404 - Add min-height to chart container in PlatformDashboard to fix recharts error
2025-11-27 12:33:12 -05:00
parent 249a9040d2
commit 06ed9e6f69
4 changed files with 52 additions and 2 deletions
--- a/frontend/src/pages/platform/PlatformDashboard.tsx
+++ b/frontend/src/pages/platform/PlatformDashboard.tsx
@@ -63,7 +63,7 @@ const PlatformDashboard: React.FC = () => {
      {/* MRR Chart */}
      <div className="bg-white dark:bg-gray-800 p-6 rounded-xl border border-gray-200 dark:border-gray-700 shadow-sm">
        <h3 className="text-lg font-semibold text-gray-900 dark:text-white mb-6">{t('platform.mrrGrowth')}</h3>
-        <div className="h-80">
+        <div className="h-80 min-h-[320px]">
          <ResponsiveContainer width="100%" height="100%">
            <AreaChart data={data}>
              <defs>
--- a/smoothschedule/config/settings/local.py
+++ b/smoothschedule/config/settings/local.py
@@ -2,6 +2,43 @@
 from .multitenancy import *  # noqa
 from .multitenancy import env, INSTALLED_APPS, MIDDLEWARE

+# =============================================================================
+# CONTENT SECURITY POLICY (CSP)
+# Explicitly imported/re-defined here to ensure they are active in local dev
+# =============================================================================
+CSP_DEFAULT_SRC = ("'self'",)
+CSP_SCRIPT_SRC = (
+    "'self'",
+    "https://js.stripe.com",
+    "https://connect-js.stripe.com",
+    "https://www.googletagmanager.com",
+    "https://www.google-analytics.com",
+    "blob:",  # Required for Stripe
+)
+CSP_STYLE_SRC = (
+    "'self'",
+    "'unsafe-inline'",  # Required for Stripe and many UI libraries
+)
+CSP_IMG_SRC = (
+    "'self'",
+    "data:",
+    "https://*.stripe.com",
+    "https://www.google-analytics.com",
+)
+CSP_CONNECT_SRC = (
+    "'self'",
+    "https://api.stripe.com",
+    "https://www.google-analytics.com",
+    "https://stats.g.doubleclick.net",
+)
+CSP_FRAME_SRC = (
+    "'self'",
+    "https://js.stripe.com",
+    "https://hooks.stripe.com",
+    "https://connect-js.stripe.com",
+)
+
+
 # GENERAL
 # ------------------------------------------------------------------------------
 # https://docs.djangoproject.com/en/dev/ref/settings/#debug
--- a/smoothschedule/config/urls.py
+++ b/smoothschedule/config/urls.py
@@ -10,7 +10,7 @@ from drf_spectacular.views import SpectacularAPIView
 from drf_spectacular.views import SpectacularSwaggerView
 from rest_framework.authtoken.views import obtain_auth_token

-from smoothschedule.users.api_views import current_user_view
+from smoothschedule.users.api_views import current_user_view, logout_view
 from schedule.api_views import current_business_view

 urlpatterns = [
@@ -36,6 +36,7 @@ urlpatterns += [
    # Auth API
    path("api/auth-token/", csrf_exempt(obtain_auth_token), name="obtain_auth_token"),
    path("api/auth/me/", current_user_view, name="current_user"),
+    path("api/auth/logout/", logout_view, name="logout"),
    # Business API
    path("api/business/current/", current_business_view, name="current_business"),
    # API Docs
--- a/smoothschedule/smoothschedule/users/api_views.py
+++ b/smoothschedule/smoothschedule/users/api_views.py
@@ -47,3 +47,15 @@ def current_user_view(request):
    }

    return Response(user_data, status=status.HTTP_200_OK)
+
+
+@api_view(['POST'])
+@permission_classes([IsAuthenticated])
+def logout_view(request):
+    """
+    Logout the current user
+    POST /api/auth/logout/
+    """
+    from django.contrib.auth import logout
+    logout(request)
+    return Response({"detail": "Successfully logged out."}, status=status.HTTP_200_OK)