You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2019/09/27 16:41:04 UTC
[GitHub] [incubator-superset] craig-rueda opened a new pull request #8317:
Adding explicit Flask session cookie options to default config
craig-rueda opened a new pull request #8317: Adding explicit Flask session cookie options to default config
URL: https://github.com/apache/incubator-superset/pull/8317
### CATEGORY
Choose one
- [x] Bug Fix
- [ ] Enhancement (new features, refinement)
- [ ] Refactor
- [ ] Add tests
- [ ] Build / Development Environment
- [ ] Documentation
### SUMMARY
This will enforce a SameSite policy of `Lax` for session cookies served up by Superset.
(https://www.owasp.org/index.php/SameSite)
The SameSite cookie attribute attempts to solve many of the issues associated with cross origin attacks as they relate to cookies with a single option.
In this PR, I'm basically surfacing the underlying Flask options which control these options and am providing a sensible set of defaults.
### REVIEWERS
@mistercrunch @dpgaspar
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org