QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-05-12 19:35:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: improve CSP add base uri restriction (#26251)

Browse Source 
(cherry picked from commit 578a899152)
This commit is contained in:
Daniel Vaz Gaspar
2023-12-13 11:45:14 +00:00
committed by Michael S. Molina
parent c99c6301c7
commit c878e2e102
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
superset/config.py
View File

@@ -1409,6 +1409,7 @@ TALISMAN_ENABLED = utils.cast_to_boolean(os.environ.get("TALISMAN_ENABLED", True
# If you want Talisman, how do you want it configured?? # If you want Talisman, how do you want it configured??
TALISMAN_CONFIG = { TALISMAN_CONFIG = {
"content_security_policy": { "content_security_policy": {
"base-uri": ["'self'"],
"default-src": ["'self'"], "default-src": ["'self'"],
"img-src": ["'self'", "blob:", "data:"], "img-src": ["'self'", "blob:", "data:"],
"worker-src": ["'self'", "blob:"], "worker-src": ["'self'", "blob:"],
@@ -1431,6 +1432,7 @@ TALISMAN_CONFIG = {
# React requires `eval` to work correctly in dev mode # React requires `eval` to work correctly in dev mode
TALISMAN_DEV_CONFIG = { TALISMAN_DEV_CONFIG = {
"content_security_policy": { "content_security_policy": {
"base-uri": ["'self'"],
"default-src": ["'self'"], "default-src": ["'self'"],
"img-src": ["'self'", "blob:", "data:"], "img-src": ["'self'", "blob:", "data:"],
"worker-src": ["'self'", "blob:"], "worker-src": ["'self'", "blob:"],