Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Talisman configuration #22591

Merged
merged 2 commits into from
Jan 5, 2023
Merged

fix: Talisman configuration #22591

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f310c8c
fix: Talisman configuration
michael-s-molina Jan 4, 2023
9d8754a
Fixes pylint
michael-s-molina Jan 4, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
28 changes: 18 additions & 10 deletions superset/initialization/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -577,25 +577,33 @@ def __call__(
# Flask-Compress
Compress(self.superset_app)

# Talisman
talisman_enabled = self.config["TALISMAN_ENABLED"]
talisman_config = self.config["TALISMAN_CONFIG"]
csp_warning = self.config["CONTENT_SECURITY_POLICY_WARNING"]

if talisman_enabled:
talisman.init_app(self.superset_app, **talisman_config)

show_csp_warning = False
if (
self.config["CONTENT_SECURITY_POLICY_WARNING"]
csp_warning
and not self.superset_app.debug
and (
not talisman_enabled
or not talisman_config
or not talisman_config.get("content_security_policy")
)
):
if self.config["TALISMAN_ENABLED"]:
talisman.init_app(self.superset_app, **self.config["TALISMAN_CONFIG"])
if not self.config["TALISMAN_CONFIG"].get("content_security_policy"):
show_csp_warning = True
else:
show_csp_warning = True
show_csp_warning = True

if show_csp_warning:
logger.warning(
"We haven't found any Content Security Policy (CSP) defined in "
"the configurations. Please make sure to configure CSP using the "
"TALISMAN_CONFIG key or any other external software. Failing to "
"configure CSP have serious security implications. Check "
"https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP for more "
"TALISMAN_ENABLED and TALISMAN_CONFIG keys or any other external "
"software. Failing to configure CSP have serious security implications. "
"Check https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP for more "
"information. You can disable this warning using the "
"CONTENT_SECURITY_POLICY_WARNING key."
)
Expand Down