QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-04-18 23:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adding hook for CSRF exempting flask views. (#3435)

Browse Source
This commit is contained in:
fabianmenges
2017-09-14 23:54:18 -04:00
committed by Maxime Beauchemin
parent 32bd827b25
commit e22aecb0d1
3 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/installation.rst
View File

@@ -157,6 +157,8 @@ of the parameters you can copy / paste in that configuration module: ::
# Flask-WTF flag for CSRF
WTF_CSRF_ENABLED = True
# Add endpoints that need to be exempt from CSRF protection
WTF_CSRF_EXEMPT_LIST = []
# Set this API key to enable Mapbox visualizations
MAPBOX_API_KEY = ''
@@ -172,6 +174,11 @@ Please make sure to change:
* *SQLALCHEMY_DATABASE_URI*, by default it is stored at *~/.superset/superset.db*
* *SECRET_KEY*, to a long random string
In case you need to exempt endpoints from CSRF, e.g. you are running a custom
auth postback endpoint, you can add them to *WTF_CSRF_EXEMPT_LIST*
WTF_CSRF_EXEMPT_LIST = ['']
Database dependencies
---------------------