Posted to commits@superset.apache.org by mi...@apache.org on 2023/10/02 14:47:56 UTC
[superset] 04/05: fix: Styles not loading because of faulty CSP setting (#25468)
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a commit to branch 3.0
in repository https://gitbox.apache.org/repos/asf/superset.git
commit 0dd1a3bea5baf403d9081f0f2cf83b61ce0245ba
Author: Kamil Gabryjelski <ka...@gmail.com>
AuthorDate: Fri Sep 29 20:54:32 2023 +0200
fix: Styles not loading because of faulty CSP setting (#25468)
(cherry picked from commit 0cebffd59a45bb7256e1817d9792dbe2793fba72)
---
superset/config.py | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/superset/config.py b/superset/config.py
index 6ec132d43e..bda7d0e5f0 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -1415,10 +1415,14 @@ TALISMAN_CONFIG = {
"https://events.mapbox.com",
],
"object-src": "'none'",
- "style-src": ["'self'", "'unsafe-inline'"],
+ "style-src": [
+ "'self'",
+ "'unsafe-inline'",
+ "https://cdn.jsdelivr.net/npm/swagger-ui-dist@5/swagger-ui.css",
+ ],
"script-src": ["'self'", "'strict-dynamic'"],
},
- "content_security_policy_nonce_in": ["script-src", "style-src"],
+ "content_security_policy_nonce_in": ["script-src"],
"force_https": False,
}
# React requires `eval` to work correctly in dev mode
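Review bot: Dropping `style-src` from `content_security_policy_nonce_in` makes `'unsafe-inline'` effective for styles, and nothing in the config records that this is deliberate; the same applies to the identical change in the `TALISMAN_DEV_CONFIG` hunk. Browsers ignore `'unsafe-inline'` in a directive that also carries a nonce, which is presumably why styles stopped loading, so a later reader may re-add the nonce as hardening and break them again. I would put a comment above the line, e.g. `# style-src is left out on purpose: a nonce would make browsers ignore 'unsafe-inline' and block inline styles`. The new CDN entry pins only the major version (`swagger-ui-dist@5`), and a CSP source allows the URL, not its content, so the page that loads this stylesheet (not visible here) should reference an exact version with an `integrity` attribute, or the file should be served from `'self'`. Both dict literals start above their hunks.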
@@ -1433,10 +1437,14 @@ TALISMAN_DEV_CONFIG = {
"https://events.mapbox.com",
],
"object-src": "'none'",
- "style-src": ["'self'", "'unsafe-inline'"],
+ "style-src": [
+ "'self'",
+ "'unsafe-inline'",
+ "https://cdn.jsdelivr.net/npm/swagger-ui-dist@5/swagger-ui.css",
+ ],
"script-src": ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
},
- "content_security_policy_nonce_in": ["script-src", "style-src"],
+ "content_security_policy_nonce_in": ["script-src"],
"force_https": False,
}