fix: Talisman configuration (#22591)
michael-s-molina committed Jan 5, 2023
1 parent 037deb9 commit 84177cb
Showing 1 changed file with 18 additions and 10 deletions.
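--- a/superset/initialization/__init__.py
+++ b/superset/initialization/__init__.py
@@ -577,25 +577,33 @@ def __call__(
 # Flask-Compress
 Compress(self.superset_app)
 
+# Talisman
+talisman_enabled = self.config["TALISMAN_ENABLED"]
+talisman_config = self.config["TALISMAN_CONFIG"]
+csp_warning = self.config["CONTENT_SECURITY_POLICY_WARNING"]
+
+if talisman_enabled:
+talisman.init_app(self.superset_app, **talisman_config)
+
 show_csp_warning = False
 if (
-self.config["CONTENT_SECURITY_POLICY_WARNING"]
+csp_warning
 and not self.superset_app.debug
+and (
+not talisman_enabled
+or not talisman_config
+or not talisman_config.get("content_security_policy")
+)
 ):
-if self.config["TALISMAN_ENABLED"]:
-talisman.init_app(self.superset_app, **self.config["TALISMAN_CONFIG"])
-if not self.config["TALISMAN_CONFIG"].get("content_security_policy"):
-show_csp_warning = True
-else:
-show_csp_warning = True
+show_csp_warning = True
 
 if show_csp_warning:
 logger.warning(
 "We haven't found any Content Security Policy (CSP) defined in "
 "the configurations. Please make sure to configure CSP using the "
-"TALISMAN_CONFIG key or any other external software. Failing to "
-"configure CSP have serious security implications. Check "
-"https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP for more "
+"TALISMAN_ENABLED and TALISMAN_CONFIG keys or any other external "
+"software. Failing to configure CSP have serious security implications. "
+"Check https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP for more "
 "information. You can disable this warning using the "
 "CONTENT_SECURITY_POLICY_WARNING key."
 )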
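Review bot: `talisman.init_app(self.superset_app, **talisman_config)` unpacks TALISMAN_CONFIG unconditionally, yet the warning condition just below it allows for a falsy value (`or not talisman_config`). With TALISMAN_ENABLED on and TALISMAN_CONFIG set to None, the unpacking raises TypeError at startup before the warning can be logged. Either normalise once with `talisman_config = self.config["TALISMAN_CONFIG"] or {}`, or reject a missing config with an explicit error. With an empty mapping Talisman presumably runs on the library's own defaults, so the "haven't found any CSP" message may not match the headers actually served; confirm this against the flask-talisman version in use. A one-line comment above the block, such as `# Talisman is initialised regardless of CONTENT_SECURITY_POLICY_WARNING and debug mode; only the warning depends on them`, would record why the two steps were split. The enclosing method starts and ends outside the hunk.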
