You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@superset.apache.org by su...@apache.org on 2021/12/15 04:40:00 UTC

[superset] 03/04: adjust csrf exempt list

This is an automated email from the ASF dual-hosted git repository.

suddjian pushed a commit to branch guest-token-authz
in repository https://gitbox.apache.org/repos/asf/superset.git

commit 4fd8715b42185477706bdbd1493635636abe3a22
Author: David Aaron Suddjian <aa...@gmail.com>
AuthorDate: Sat Dec 11 02:35:24 2021 -0800

    adjust csrf exempt list
---
 superset/config.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/superset/config.py b/superset/config.py
index 2ff2f1a..f7a5bc5 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -191,7 +191,11 @@ QUERY_SEARCH_LIMIT = 1000
 WTF_CSRF_ENABLED = True
 
 # Add endpoints that need to be exempt from CSRF protection
-WTF_CSRF_EXEMPT_LIST = ["superset.views.core.log", "superset.charts.data.api.data"]
+WTF_CSRF_EXEMPT_LIST = [
+    "superset.views.core.log",
+    "superset.views.core.explore_json",
+    "superset.charts.data.api.data",
+]
 
 # Whether to run the web server in debug mode or not
 DEBUG = os.environ.get("FLASK_ENV") == "development"