Posted to commits@superset.apache.org by mi...@apache.org on 2023/01/05 15:37:43 UTC
[superset] branch master updated: fix: Talisman configuration (#22591)
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git
The following commit(s) were added to refs/heads/master by this push:
new 84177cbc75 fix: Talisman configuration (#22591)
84177cbc75 is described below
commit 84177cbc750b9a72eaaa0d7b624821caa8bb2190
Author: Michael S. Molina <70...@users.noreply.github.com>
AuthorDate: Thu Jan 5 10:37:35 2023 -0500
fix: Talisman configuration (#22591)
---
superset/initialization/__init__.py | 28 ++++++++++++++++++----------
1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/superset/initialization/__init__.py b/superset/initialization/__init__.py
index 2b02d5106e..1cffbd0dc2 100644
--- a/superset/initialization/__init__.py
+++ b/superset/initialization/__init__.py
@@ -577,25 +577,33 @@ class SupersetAppInitializer: # pylint: disable=too-many-public-methods
# Flask-Compress
Compress(self.superset_app)
+ # Talisman
+ talisman_enabled = self.config["TALISMAN_ENABLED"]
+ talisman_config = self.config["TALISMAN_CONFIG"]
+ csp_warning = self.config["CONTENT_SECURITY_POLICY_WARNING"]
+
+ if talisman_enabled:
+ talisman.init_app(self.superset_app, **talisman_config)
+
show_csp_warning = False
if (
- self.config["CONTENT_SECURITY_POLICY_WARNING"]
+ csp_warning
and not self.superset_app.debug
+ and (
+ not talisman_enabled
+ or not talisman_config
+ or not talisman_config.get("content_security_policy")
+ )
):
- if self.config["TALISMAN_ENABLED"]:
- talisman.init_app(self.superset_app, **self.config["TALISMAN_CONFIG"])
- if not self.config["TALISMAN_CONFIG"].get("content_security_policy"):
- show_csp_warning = True
- else:
- show_csp_warning = True
+ show_csp_warning = True
if show_csp_warning:
logger.warning(
"We haven't found any Content Security Policy (CSP) defined in "
"the configurations. Please make sure to configure CSP using the "
- "TALISMAN_CONFIG key or any other external software. Failing to "
- "configure CSP have serious security implications. Check "
- "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP for more "
+ "TALISMAN_ENABLED and TALISMAN_CONFIG keys or any other external "
+ "software. Failing to configure CSP have serious security implications. "
+ "Check https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP for more "
"information. You can disable this warning using the "
"CONTENT_SECURITY_POLICY_WARNING key."
)
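Review bot: The added `talisman.init_app(self.superset_app, **talisman_config)` unpacks the config unconditionally, while the warning condition a few lines below treats a falsy `talisman_config` as a possible value. If `TALISMAN_CONFIG` is set to `None` with `TALISMAN_ENABLED` true, the unpacking raises a `TypeError` during app initialisation, before the CSP warning can be logged. Using `talisman.init_app(self.superset_app, **(talisman_config or {}))` keeps the two branches consistent. It would also help to add a comment above the call such as `# Initialise Talisman independently of debug mode and of CONTENT_SECURITY_POLICY_WARNING; the warning below only reports a missing CSP`, since that decoupling is the security-relevant behaviour and is easy to regress. With an empty config the extension presumably applies its own defaults, so the "haven't found any CSP" message describes Superset's configuration rather than the response headers; that is worth confirming. The enclosing method starts outside this hunk.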