Posted to commits@superset.apache.org by dp...@apache.org on 2023/12/13 11:45:24 UTC

(superset) branch master updated: chore: improve CSP add base uri restriction (#26251)

This is an automated email from the ASF dual-hosted git repository.

dpgaspar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git


The following commit(s) were added to refs/heads/master by this push:
     new 578a899152 chore: improve CSP add base uri restriction (#26251)
578a899152 is described below

commit 578a899152719415c65c24055f4378b838ded435
Author: Daniel Vaz Gaspar <da...@gmail.com>
AuthorDate: Wed Dec 13 11:45:14 2023 +0000

    chore: improve CSP add base uri restriction (#26251)
---
 superset/config.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/superset/config.py b/superset/config.py
index 98f87e6f02..ca801442d9 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -1425,6 +1425,7 @@ TALISMAN_ENABLED = utils.cast_to_boolean(os.environ.get("TALISMAN_ENABLED", True
 # If you want Talisman, how do you want it configured??
 TALISMAN_CONFIG = {
     "content_security_policy": {
+        "base-uri": ["'self'"],
         "default-src": ["'self'"],
         "img-src": ["'self'", "blob:", "data:"],
         "worker-src": ["'self'", "blob:"],
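Review bot: The new `"base-uri": ["'self'"]` entry in TALISMAN_CONFIG has no comment saying why it is listed on its own, and the same applies to the identical line added in the TALISMAN_DEV_CONFIG hunk. `base-uri` is one of the CSP directives that does not fall back to `default-src`, so a comment such as `# base-uri does not inherit default-src; pin <base href> to same origin` would keep it from being removed later as redundant. Both dicts continue past the end of their hunks, so it is worth confirming that `form-action` and `frame-ancestors`, which also do not inherit `default-src`, are set in the part not shown. Deployments that replace TALISMAN_CONFIG wholesale in their own config file will presumably not pick up this default and would need to add the directive themselves.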
@@ -1447,6 +1448,7 @@ TALISMAN_CONFIG = {
 # React requires `eval` to work correctly in dev mode
 TALISMAN_DEV_CONFIG = {
     "content_security_policy": {
+        "base-uri": ["'self'"],
         "default-src": ["'self'"],
         "img-src": ["'self'", "blob:", "data:"],
         "worker-src": ["'self'", "blob:"],