fix(config): correct slack image url in talisman (#32778)

2026-04-19 16:14:52 +00:00 · 2025-03-21 22:02:51 +05:30
parent 5ec710efc6
commit 9bb3a5782d
2 changed files with 48 additions and 2 deletions
--- a/docs/docs/security/security.mdx
+++ b/docs/docs/security/security.mdx
@@ -280,6 +280,49 @@ TALISMAN_CONFIG = {
    "content_security_policy": { ...
 ```

+#### Configuring Talisman in Superset
+
+Talisman settings in Superset can be modified using superset_config.py. If you need to adjust security policies, you can override the default configuration.
+
+Example: Overriding Talisman Configuration in superset_config.py for loading images form s3 or other external sources.
+
+```python
+TALISMAN_CONFIG = {
+    "content_security_policy": {
+        "base-uri": ["'self'"],
+        "default-src": ["'self'"],
+        "img-src": [
+            "'self'",
+            "blob:",
+            "data:",
+            "https://apachesuperset.gateway.scarf.sh",
+            "https://static.scarf.sh/",
+            # "https://cdn.brandfolder.io", # Uncomment when SLACK_ENABLE_AVATARS is True  # noqa: E501
+            "ows.terrestris.de",
+            "aws.s3.com", # Add Your Bucket or external data source
+        ],
+        "worker-src": ["'self'", "blob:"],
+        "connect-src": [
+            "'self'",
+            "https://api.mapbox.com",
+            "https://events.mapbox.com",
+        ],
+        "object-src": "'none'",
+        "style-src": [
+            "'self'",
+            "'unsafe-inline'",
+        ],
+        "script-src": ["'self'", "'strict-dynamic'"],
+    },
+    "content_security_policy_nonce_in": ["script-src"],
+    "force_https": False,
+    "session_cookie_secure": False,
+}
+```
+
+# For more information on setting up Talisman, please refer to
+https://superset.apache.org/docs/configuration/networking-settings/#changing-flask-talisman-csp
+
 ### Reporting Security Vulnerabilities

 Apache Software Foundation takes a rigorous standpoint in annihilating the security issues in its
--- a/superset/config.py
+++ b/superset/config.py
@@ -1614,6 +1614,9 @@ CONTENT_SECURITY_POLICY_WARNING = True
 TALISMAN_ENABLED = utils.cast_to_boolean(os.environ.get("TALISMAN_ENABLED", True))

 # If you want Talisman, how do you want it configured??
+# For more information on setting up Talisman, please refer to
+# https://superset.apache.org/docs/configuration/networking-settings/#changing-flask-talisman-csp
+
 TALISMAN_CONFIG = {
    "content_security_policy": {
        "base-uri": ["'self'"],
@@ -1624,7 +1627,7 @@ TALISMAN_CONFIG = {
            "data:",
            "https://apachesuperset.gateway.scarf.sh",
            "https://static.scarf.sh/",
-            # "https://avatars.slack-edge.com", # Uncomment when SLACK_ENABLE_AVATARS is True  # noqa: E501
+            # "https://cdn.brandfolder.io", # Uncomment when SLACK_ENABLE_AVATARS is True  # noqa: E501
            "ows.terrestris.de",
        ],
        "worker-src": ["'self'", "blob:"],
@@ -1655,7 +1658,7 @@ TALISMAN_DEV_CONFIG = {
            "data:",
            "https://apachesuperset.gateway.scarf.sh",
            "https://static.scarf.sh/",
-            "https://avatars.slack-edge.com",
+            "https://cdn.brandfolder.io",
            "ows.terrestris.de",
        ],
        "worker-src": ["'self'", "blob:"],