From 7c07a6581e8ff237465ffb880837f5e921af64a2 Mon Sep 17 00:00:00 2001 From: Raphael Michel Date: Fri, 16 Apr 2021 17:43:57 +0200 Subject: [PATCH] PDF: Show Preview in browser viewer for easier debugging --- src/pretix/control/views/pdf.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/pretix/control/views/pdf.py b/src/pretix/control/views/pdf.py index 7853bf52e..d364df248 100644 --- a/src/pretix/control/views/pdf.py +++ b/src/pretix/control/views/pdf.py @@ -220,7 +220,12 @@ class BaseEditorView(EventPermissionRequiredMixin, TemplateView): resp = HttpResponse(data, content_type=mimet) ftype = fname.split(".")[-1] - resp['Content-Disposition'] = 'attachment; filename="ticket-preview.{}"'.format(ftype) + if settings.DEBUG: + # attachment is more secure as we're dealing with user-generated stuff here, but inline is much more convenient during debugging + resp['Content-Disposition'] = 'inline; filename="ticket-preview.{}"'.format(ftype) + resp._csp_ignore = True + else: + resp['Content-Disposition'] = 'attachment; filename="ticket-preview.{}"'.format(ftype) return resp elif "data" in request.POST: if cf: