From 99604036c28c69c5cb4974a1b625de040a96347e Mon Sep 17 00:00:00 2001
From: Raphael Michel
Date: Fri, 29 Jul 2016 20:53:51 +0200
Subject: [PATCH] Fixed broken Django error pages due to CSP headers

---
 src/pretix/base/middleware.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/pretix/base/middleware.py b/src/pretix/base/middleware.py
index 83269b313..7f633eee5 100644
--- a/src/pretix/base/middleware.py
+++ b/src/pretix/base/middleware.py
@@ -147,6 +147,11 @@ class SecurityMiddleware:
 return "; ".join(k + ' ' + v for k, v in h.items())

 def process_response(self, request, resp):
+ if settings.DEBUG and resp.status_code >= 400:
+ # Don't use CSP on debug error page as it breaks of Django's fancy error
+ # pages
+ return resp
+
 resp['X-XSS-Protection'] = '1'
 h = {
 'default-src': "{static}",
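Review bot: The early return added at the top of `process_response` skips every header the method sets, not only the Content-Security-Policy: the `resp['X-XSS-Protection'] = '1'` assignment on the following context line is bypassed too, along with anything further down in the body, which continues outside this hunk. If only the CSP interferes with Django's debug pages, place the guard after that assignment, i.e. `resp['X-XSS-Protection'] = '1'` first and then `if settings.DEBUG and resp.status_code >= 400: return resp`. The condition also matches any 4xx/5xx response a view renders itself while `DEBUG` is on, so those pages are never exercised under the CSP in development and are served without it wherever `DEBUG` is left enabled. A comment such as `# DEBUG only: Django's technical error pages rely on inline script/style that the CSP blocks` would record that scope, and the existing comment has a stray "of" ("breaks of Django's").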