You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by er...@apache.org on 2021/11/12 22:22:04 UTC
[superset] 01/01: fix: allow POST chart/data request without CSRF
token
This is an automated email from the ASF dual-hosted git repository.
erikrit pushed a commit to branch etr2460-patch-4
in repository https://gitbox.apache.org/repos/asf/superset.git
commit 94f8b84d01acd59ff08cdaaf05e1c1660dbbab23
Author: Erik Ritter <er...@airbnb.com>
AuthorDate: Fri Nov 12 14:21:01 2021 -0800
fix: allow POST chart/data request without CSRF token
---
superset/config.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/superset/config.py b/superset/config.py
index db34343..4b571da 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -191,7 +191,7 @@ QUERY_SEARCH_LIMIT = 1000
WTF_CSRF_ENABLED = True
# Add endpoints that need to be exempt from CSRF protection
-WTF_CSRF_EXEMPT_LIST = ["superset.views.core.log", "superset.charts.api.data"]
+WTF_CSRF_EXEMPT_LIST = ["superset.views.core.log", "superset.charts.data.api.data"]
# Whether to run the web server in debug mode or not
DEBUG = os.environ.get("FLASK_ENV") == "development"