Posted to commits@superset.apache.org by mi...@apache.org on 2023/12/15 16:18:35 UTC
(superset) 02/05: chore: improve CSP add base uri restriction (#26251)
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a commit to branch 3.0
in repository https://gitbox.apache.org/repos/asf/superset.git
commit c878e2e102a39fec9fd70558e96e2d3dfbfb0bf7
Author: Daniel Vaz Gaspar <da...@gmail.com>
AuthorDate: Wed Dec 13 11:45:14 2023 +0000
chore: improve CSP add base uri restriction (#26251)
(cherry picked from commit 578a899152719415c65c24055f4378b838ded435)
---
superset/config.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/superset/config.py b/superset/config.py
index 164ea1a5be..d62136a000 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -1409,6 +1409,7 @@ TALISMAN_ENABLED = utils.cast_to_boolean(os.environ.get("TALISMAN_ENABLED", True
# If you want Talisman, how do you want it configured??
TALISMAN_CONFIG = {
"content_security_policy": {
+ "base-uri": ["'self'"],
"default-src": ["'self'"],
"img-src": ["'self'", "blob:", "data:"],
"worker-src": ["'self'", "blob:"],
@@ -1431,6 +1432,7 @@ TALISMAN_CONFIG = {
# React requires `eval` to work correctly in dev mode
TALISMAN_DEV_CONFIG = {
"content_security_policy": {
+ "base-uri": ["'self'"],
"default-src": ["'self'"],
"img-src": ["'self'", "blob:", "data:"],
"worker-src": ["'self'", "blob:"],