[feature flag] Enforce csrf protection on explore_json endpoint (#7935)

also added a section for featured flags in http://superset.incubator.apache.org/installation.html
2026-04-20 00:24:38 +00:00 · 2019-07-29 16:22:47 -07:00
parent d37b7cdce8
commit 06d547fbac
4 changed files with 42 additions and 4 deletions
--- a/superset/views/base.py
+++ b/superset/views/base.py
@@ -32,6 +32,7 @@ from flask_babel import gettext as __
 from flask_babel import lazy_gettext as _
 from flask_wtf.form import FlaskForm
 import simplejson as json
+from werkzeug.exceptions import HTTPException
 from wtforms.fields.core import Field, UnboundField
 import yaml

@@ -134,6 +135,13 @@ def handle_api_exception(f):
                stacktrace=utils.get_stacktrace(),
                status=e.status,
            )
+        except HTTPException as e:
+            logging.exception(e)
+            return json_error_response(
+                utils.error_msg_from_exception(e),
+                stacktrace=traceback.format_exc(),
+                status=e.code,
+            )
        except Exception as e:
            logging.exception(e)
            return json_error_response(