You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@superset.apache.org by er...@apache.org on 2021/11/12 22:22:04 UTC

[superset] 01/01: fix: allow POST chart/data request without CSRF token

This is an automated email from the ASF dual-hosted git repository.

erikrit pushed a commit to branch etr2460-patch-4
in repository https://gitbox.apache.org/repos/asf/superset.git

commit 94f8b84d01acd59ff08cdaaf05e1c1660dbbab23
Author: Erik Ritter <er...@airbnb.com>
AuthorDate: Fri Nov 12 14:21:01 2021 -0800

    fix: allow POST chart/data request without CSRF token
---
 superset/config.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/superset/config.py b/superset/config.py
index db34343..4b571da 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -191,7 +191,7 @@ QUERY_SEARCH_LIMIT = 1000
 WTF_CSRF_ENABLED = True
 
 # Add endpoints that need to be exempt from CSRF protection
-WTF_CSRF_EXEMPT_LIST = ["superset.views.core.log", "superset.charts.api.data"]
+WTF_CSRF_EXEMPT_LIST = ["superset.views.core.log", "superset.charts.data.api.data"]
 
 # Whether to run the web server in debug mode or not
 DEBUG = os.environ.get("FLASK_ENV") == "development"