Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[security] allowing to set static headers as configuration #1126

Merged
merged 2 commits into from
Sep 21, 2016
Merged

[security] allowing to set static headers as configuration #1126

merged 2 commits into from
Sep 21, 2016

Conversation

mistercrunch
Copy link
Member

No description provided.

@mistercrunch
Copy link
Member Author

@williaster does that break your integration?

@mistercrunch mistercrunch changed the title [security] setting X-Frame-Options=SAMEORIGIN to prevent clickjacking [security] allowing to set static headers as configuration Sep 20, 2016
ascott
ascott reviewed Sep 20, 2016
View reviewed changes
caravel/config.py
# static http headers to be served by your Caravel server.
# The following example prevents iFrame from other domains
# and "clickjacking" as a result
# HTTP_HEADERS = {'X-Frame-Options': 'SAMEORIGIN'}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

isn't this the one we want to uncomment?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's there as an example, I don't want to set headers on behalf of others. People override this configuration by setting up a caravel_config module in their PYTHONPATH (for us it's doen in chef), where I have another PR.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah gotcha! 🆗 🎉

@mistercrunch mistercrunch merged commit b587576 into apache:master Sep 21, 2016
@mistercrunch mistercrunch deleted the clickjack branch September 21, 2016 21:41
zhaoyongjie pushed a commit to zhaoyongjie/incubator-superset that referenced this pull request Nov 17, 2021
@villebro @zhaoyongjie
fix(plugin-chart-echarts): sanitize series from html tags (apache#1126)
257a8cf 
* fix(plugin-chart-echarts): sanitize series from html tags

* use echarts html encoder
zhaoyongjie pushed a commit to zhaoyongjie/incubator-superset that referenced this pull request Nov 24, 2021
@villebro @zhaoyongjie
fix(plugin-chart-echarts): sanitize series from html tags (apache#1126)
1b7f85a 
* fix(plugin-chart-echarts): sanitize series from html tags

* use echarts html encoder
zhaoyongjie pushed a commit to zhaoyongjie/incubator-superset that referenced this pull request Nov 25, 2021
@villebro @zhaoyongjie
fix(plugin-chart-echarts): sanitize series from html tags (apache#1126)
9ad5d31 
* fix(plugin-chart-echarts): sanitize series from html tags

* use echarts html encoder
zhaoyongjie pushed a commit to zhaoyongjie/incubator-superset that referenced this pull request Nov 26, 2021
@villebro @zhaoyongjie
fix(plugin-chart-echarts): sanitize series from html tags (apache#1126)
895d9d3 
* fix(plugin-chart-echarts): sanitize series from html tags

* use echarts html encoder
@mistercrunch mistercrunch added 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 0.11.0 labels Feb 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ascott ascott ascott left review comments

Assignees
No one assigned
Labels
🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 0.11.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mistercrunch @ascott