You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2023/01/13 06:32:27 UTC
[GitHub] [superset] reidab opened a new pull request, #22716: fix(helm): remove config overrides for CSRF
reidab opened a new pull request, #22716:
URL: https://github.com/apache/superset/pull/22716
### SUMMARY
Fixes #22715
This PR removes the `WTF_` CSRF-related overrides from the configuration file generated by the Helm chart, allowing the defaults from `config.py` to be used.
https://github.com/apache/superset/blob/2ccdb72830ffb549c0112442ba0bc7e4219261d4/superset/config.py#L249-L257
As noted in #22715, there may be better ways to handle the CSRF exclusion for these three routes outside of the config file to prevent this same mistake from being made in other context. This is just the simplest solution that solves the issue with the Helm chart clearing the list.
### TESTING INSTRUCTIONS
1. Deploy a copy of Superset using the Helm chart
2. Navigate around the UI
3. Confirm that calls to `/superset/log` are returning 200 instead of 302 redirects to `/login`
### ADDITIONAL INFORMATION
<!--- Check any relevant boxes with "x" -->
<!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue -->
- [x] Has associated issue: #22715
- [ ] Required feature flags:
- [ ] Changes UI
- [ ] Includes DB Migration (follow approval process in [SIP-59](https://github.com/apache/superset/issues/13351))
- [ ] Migration is atomic, supports rollback & is backwards-compatible
- [ ] Confirm DB migration upgrade and downgrade tested
- [ ] Runtime estimates and downtime expectations provided
- [ ] Introduces new feature or API
- [ ] Removes existing feature or API
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] craig-rueda merged pull request #22716: fix(helm): remove config overrides for CSRF
Posted by GitBox <gi...@apache.org>.
craig-rueda merged PR #22716:
URL: https://github.com/apache/superset/pull/22716
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
[GitHub] [superset] reidab commented on pull request #22716: fix(helm): remove config overrides for CSRF
Posted by GitBox <gi...@apache.org>.
reidab commented on PR #22716:
URL: https://github.com/apache/superset/pull/22716#issuecomment-1382226586
> You need to re-generate the helm `README` as the version bump requires this
@craig-rueda just re-generated the README and updated the branch.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org