You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by "jfrag1 (via GitHub)" <gi...@apache.org> on 2023/04/13 21:21:29 UTC

[GitHub] [superset] jfrag1 commented on a diff in pull request #23678: chore(api v1): Deprecate datasource/save and datasource/get endpoints

jfrag1 commented on code in PR #23678:
URL: https://github.com/apache/superset/pull/23678#discussion_r1166038067


##########
superset/datasets/commands/update.py:
##########
@@ -101,6 +104,14 @@ def validate(self) -> None:
             self._properties["owners"] = owners
         except ValidationError as ex:
             exceptions.append(ex)
+        # Validate default URL safety
+        default_endpoint = self._properties.get("default_endpoint")
+        if (
+            default_endpoint
+            and not is_safe_url(default_endpoint)
+            and current_app.config["PREVENT_UNSAFE_DEFAULT_URLS_ON_DATASET"]
+        ):
+            exceptions.append(DatasetEndpointUnsafeValidationError())

Review Comment:
   Porting this check over from the datasource/save endpoint



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org