From f310c8c468527648e5eb060037d17a4ee4c15c4c Mon Sep 17 00:00:00 2001
From: "Michael S. Molina"
Date: Wed, 4 Jan 2023 16:45:12 -0500
Subject: [PATCH 1/2] fix: Talisman configuration
---
 superset/initialization/__init__.py | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)
diff --git a/superset/initialization/__init__.py b/superset/initialization/__init__.py
index 2b02d5106e2d..df7b51338123 100644
--- a/superset/initialization/__init__.py
+++ b/superset/initialization/__init__.py
@@ -577,24 +577,32 @@ def __call__(
 # Flask-Compress
 Compress(self.superset_app)
+ # Talisman
+ talisman_enabled = self.config["TALISMAN_ENABLED"]
+ talisman_config = self.config["TALISMAN_CONFIG"]
+ csp_warning = self.config["CONTENT_SECURITY_POLICY_WARNING"]
+
+ if talisman_enabled:
+ talisman.init_app(self.superset_app, **talisman_config)
+
 show_csp_warning = False
 if (
- self.config["CONTENT_SECURITY_POLICY_WARNING"]
+ csp_warning
 and not self.superset_app.debug
+ and (
+ not talisman_enabled
+ or not talisman_config
+ or not talisman_config.get("content_security_policy")
+ )
 ):
- if self.config["TALISMAN_ENABLED"]:
- talisman.init_app(self.superset_app, **self.config["TALISMAN_CONFIG"])
- if not self.config["TALISMAN_CONFIG"].get("content_security_policy"):
- show_csp_warning = True
- else:
- show_csp_warning = True
+ show_csp_warning = True
 if show_csp_warning:
 logger.warning(
 "We haven't found any Content Security Policy (CSP) defined in "
 "the configurations. Please make sure to configure CSP using the "
- "TALISMAN_CONFIG key or any other external software. Failing to "
- "configure CSP have serious security implications. Check "
+ "TALISMAN_ENABLED and TALISMAN_CONFIG keys or any other external software. "
+ "Failing to configure CSP have serious security implications. Check "
 "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP for more "
 "information. You can disable this warning using the "
 "CONTENT_SECURITY_POLICY_WARNING key."
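Review bot: `talisman.init_app(self.superset_app, **talisman_config)` unpacks the config before anything checks that it is a mapping, while the warning condition a few lines below treats `talisman_config` as possibly empty or `None` (`or not talisman_config`). With `TALISMAN_ENABLED = True` and `TALISMAN_CONFIG = None` the `**` unpacking raises a `TypeError` at startup; `talisman.init_app(self.superset_app, **(talisman_config or {}))` would keep the two paths consistent. An empty config also does not necessarily mean "no policy": as far as I know flask-talisman falls back to its own default `content_security_policy` when the argument is omitted, so the "We haven't found any Content Security Policy" message may be inaccurate in that case and deserves a short comment. The diffstat shows only `superset/initialization/__init__.py` changed, so a test asserting that Talisman is still initialised when `CONTENT_SECURITY_POLICY_WARNING` is false would pin the behaviour this commit restores. The enclosing function starts and ends outside the hunk.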
From 9d8754a5d04191f212643c52e0fd273a269eae6a Mon Sep 17 00:00:00 2001
From: "Michael S. Molina"
Date: Wed, 4 Jan 2023 17:02:28 -0500
Subject: [PATCH 2/2] Fixes pylint
---
 superset/initialization/__init__.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/superset/initialization/__init__.py b/superset/initialization/__init__.py
index df7b51338123..1cffbd0dc203 100644
--- a/superset/initialization/__init__.py
+++ b/superset/initialization/__init__.py
@@ -601,9 +601,9 @@ def __call__(
 logger.warning(
 "We haven't found any Content Security Policy (CSP) defined in "
 "the configurations. Please make sure to configure CSP using the "
- "TALISMAN_ENABLED and TALISMAN_CONFIG keys or any other external software. "
- "Failing to configure CSP have serious security implications. Check "
- "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP for more "
+ "TALISMAN_ENABLED and TALISMAN_CONFIG keys or any other external "
+ "software. Failing to configure CSP have serious security implications. "
+ "Check https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP for more "
 "information. You can disable this warning using the "
 "CONTENT_SECURITY_POLICY_WARNING key."
 )