From de3407dc0d05ef4f37662dbaedf907eccdd77713 Mon Sep 17 00:00:00 2001
From: Reid Beels
Date: Thu, 12 Jan 2023 22:16:54 -0800
Subject: [PATCH] fix(helm): remove config overrides for CSRF

This prevents the configuration generated by the helm chart from overriding the default WTF_ configuration values in config.py. Without these default values, calls to three logging and chart data endpoints will fail with CSRF errors.
---
 helm/superset/Chart.yaml | 2 +-
 helm/superset/README.md | 2 +-
 helm/superset/templates/_helpers.tpl | 6 ------
 3 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/helm/superset/Chart.yaml b/helm/superset/Chart.yaml
index 6321e075a3651..63816fbc7a2e2 100644
--- a/helm/superset/Chart.yaml
+++ b/helm/superset/Chart.yaml
@@ -29,7 +29,7 @@ maintainers:
 - name: craig-rueda
 email: craig@craigrueda.com
 url: https://github.com/craig-rueda
-version: 0.8.2
+version: 0.8.3
 dependencies:
 - name: postgresql
 version: 12.1.6
diff --git a/helm/superset/README.md b/helm/superset/README.md
index 03d3c1f326382..52a55b472c5d0 100644
--- a/helm/superset/README.md
+++ b/helm/superset/README.md
@@ -23,7 +23,7 @@ NOTE: This file is generated by helm-docs: https://github.com/norwoodj/helm-docs
 # superset
-![Version: 0.8.2](https://img.shields.io/badge/Version-0.8.2-informational?style=flat-square)
+![Version: 0.8.3](https://img.shields.io/badge/Version-0.8.3-informational?style=flat-square)
 Apache Superset is a modern, enterprise-ready business intelligence web application
diff --git a/helm/superset/templates/_helpers.tpl b/helm/superset/templates/_helpers.tpl
index 593fd0319885d..d551fcf6e82c7 100644
--- a/helm/superset/templates/_helpers.tpl
+++ b/helm/superset/templates/_helpers.tpl
@@ -83,12 +83,6 @@ SQLALCHEMY_DATABASE_URI = f"postgresql+psycopg2://{env('DB_USER')}:{env('DB_PASS
 SQLALCHEMY_TRACK_MODIFICATIONS = True
 SECRET_KEY = env('SECRET_KEY', 'thisISaSECRET_1234')
-# Flask-WTF flag for CSRF
-WTF_CSRF_ENABLED = True
-# Add endpoints that need to be exempt from CSRF protection
-WTF_CSRF_EXEMPT_LIST = []
-# A CSRF token that expires in 1 year
-WTF_CSRF_TIME_LIMIT = 60 * 60 * 24 * 365
 class CeleryConfig(object):
 CELERY_IMPORTS = ('superset.sql_lab', )
 CELERY_ANNOTATIONS = {'tasks.add': {'rate_limit': '10/s'}}
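Review bot: The context line `SECRET_KEY = env('SECRET_KEY', 'thisISaSECRET_1234')` keeps a publicly known fallback, and the CSRF protection this template now inherits depends on that key: unless `WTF_CSRF_SECRET_KEY` is set, Flask-WTF signs CSRF tokens with `SECRET_KEY`, which also signs Flask session cookies. A release deployed without the `SECRET_KEY` environment variable would sign both with a value anyone can read in this file. I would drop the default, `SECRET_KEY = env('SECRET_KEY')`, and have the generated config raise at startup when the value is empty; the `env` helper is defined outside this hunk, so confirm what it returns when no default is passed. A one-line comment where the `WTF_CSRF_*` lines stood, such as `# CSRF settings are intentionally inherited from Superset's config.py defaults`, would also keep the exemption list and token lifetime from being re-pinned here by accident.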