fix(async-queries): make global async. queries cookie SameSite option configurable (#21185)

Co-authored-by: Ville Brofeldt <ville.brofeldt@apple.com>
2026-04-19 08:04:53 +00:00 · 2023-01-16 08:52:15 +01:00
parent eb66590b6a
commit 80b31130b4
3 changed files with 9 additions and 2 deletions
--- a/superset/utils/async_query_manager.py
+++ b/superset/utils/async_query_manager.py
@@ -17,7 +17,7 @@
 import json
 import logging
 import uuid
-from typing import Any, Dict, List, Optional, Tuple
+from typing import Any, Dict, List, Literal, Optional, Tuple

 import jwt
 import redis
@@ -80,6 +80,7 @@ class AsyncQueryManager:
        self._jwt_cookie_name: str = ""
        self._jwt_cookie_secure: bool = False
        self._jwt_cookie_domain: Optional[str]
+        self._jwt_cookie_samesite: Optional[Literal["None", "Lax", "Strict"]] = None
        self._jwt_secret: str

    def init_app(self, app: Flask) -> None:
@@ -110,6 +111,7 @@ class AsyncQueryManager:
        ]
        self._jwt_cookie_name = config["GLOBAL_ASYNC_QUERIES_JWT_COOKIE_NAME"]
        self._jwt_cookie_secure = config["GLOBAL_ASYNC_QUERIES_JWT_COOKIE_SECURE"]
+        self._jwt_cookie_samesite = config["GLOBAL_ASYNC_QUERIES_JWT_COOKIE_SAMESITE"]
        self._jwt_cookie_domain = config["GLOBAL_ASYNC_QUERIES_JWT_COOKIE_DOMAIN"]
        self._jwt_secret = config["GLOBAL_ASYNC_QUERIES_JWT_SECRET"]

@@ -142,6 +144,7 @@ class AsyncQueryManager:
                    httponly=True,
                    secure=self._jwt_cookie_secure,
                    domain=self._jwt_cookie_domain,
+                    samesite=self._jwt_cookie_samesite,
                )

            return response