Posted to commits@superset.apache.org by mi...@apache.org on 2023/01/06 13:39:34 UTC

[superset] 01/02: fix: Talisman configuration (#22591)

This is an automated email from the ASF dual-hosted git repository.

michaelsmolina pushed a commit to branch 1.5
in repository https://gitbox.apache.org/repos/asf/superset.git

commit bf0e98c72e3fc3262420f7a3871dde178b6bbf3d
Author: Michael S. Molina <mi...@gmail.com>
AuthorDate: Thu Jan 5 15:05:44 2023 -0500

    fix: Talisman configuration (#22591)
---
 superset/initialization/__init__.py | 28 ++++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)

diff --git a/superset/initialization/__init__.py b/superset/initialization/__init__.py
index 1c1a4b8ad4..6e13638478 100644
--- a/superset/initialization/__init__.py
+++ b/superset/initialization/__init__.py
@@ -677,25 +677,33 @@ class SupersetAppInitializer:  # pylint: disable=too-many-public-methods
         # Flask-Compress
         Compress(self.superset_app)
 
+        # Talisman
+        talisman_enabled = self.config["TALISMAN_ENABLED"]
+        talisman_config = self.config["TALISMAN_CONFIG"]
+        csp_warning = self.config["CONTENT_SECURITY_POLICY_WARNING"]
+
+        if talisman_enabled:
+            talisman.init_app(self.superset_app, **talisman_config)
+
         show_csp_warning = False
         if (
-            self.config["CONTENT_SECURITY_POLICY_WARNING"]
+            csp_warning
             and not self.superset_app.debug
+            and (
+                not talisman_enabled
+                or not talisman_config
+                or not talisman_config.get("content_security_policy")
+            )
         ):
-            if self.config["TALISMAN_ENABLED"]:
-                talisman.init_app(self.superset_app, **self.config["TALISMAN_CONFIG"])
-                if not self.config["TALISMAN_CONFIG"].get("content_security_policy"):
-                    show_csp_warning = True
-            else:
-                show_csp_warning = True
+            show_csp_warning = True
 
         if show_csp_warning:
             logger.warning(
                 "We haven't found any Content Security Policy (CSP) defined in "
                 "the configurations. Please make sure to configure CSP using the "
-                "TALISMAN_CONFIG key or any other external software. Failing to "
-                "configure CSP have serious security implications. Check "
-                "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP for more "
+                "TALISMAN_ENABLED and TALISMAN_CONFIG keys or any other external "
+                "software. Failing to configure CSP have serious security implications. "
+                "Check https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP for more "
                 "information. You can disable this warning using the "
                 "CONTENT_SECURITY_POLICY_WARNING key."
             )
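Review bot: `talisman.init_app(self.superset_app, **talisman_config)` unpacks TALISMAN_CONFIG without the falsy guard that the warning condition just below applies (`not talisman_config`), so a deployment with TALISMAN_ENABLED set and TALISMAN_CONFIG left as None would fail at startup with a TypeError instead of reaching the warning. Either unpack defensively, `talisman.init_app(self.superset_app, **(talisman_config or {}))`, or raise an explicit configuration error at that point so the operator can see why the security headers were not applied. With an empty config Talisman presumably falls back to its own built-in policy, in which case the "haven't found any CSP" warning would be inaccurate; this is worth confirming against the flask-talisman version in use. The enclosing method starts and ends outside this hunk.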