Configure Content Security Policy (CSP) properly #416

Open
3 tasks
maltesander opened this issue Oct 19, 2023 · 0 comments
@maltesander
Member

From Superset version 3.0.0 the TALISMAN_ENABLED defaults to true. This leads to not being able to log in from external sources. The PR #415 is setting TALISMAN_ENABLED to false to keep existing functionality.
This should however be configured properly via TALISMAN_CONFIG to increase security.

See: apache/superset#24262
See: https://superset.apache.org/docs/security/#content-security-policy-csp

Issue checklist

  • Describe the use-case, as far as possible. For instance, using the pattern "As a XXXX, I would like XXXX to be able to do XXXX" helps to identify the feature as well as the problem it is intended to address.
  • Indicate an approximate level of importance and urgency.
  • Indicate if there is a known work-around until such time as the issue has been implemented.
@fhennig fhennig changed the title Configure CSP properly Configure Content Security Policy (CSP) properly Oct 19, 2023
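
An added example, not part of the issue or of this project's code: a `superset_config.py`-style `TALISMAN_CONFIG` with Talisman left enabled, plus a small lint that can run before the setting ships. The policy values are constructed for illustration, `render_csp` and `audit_csp` are hypothetical helpers, and flask-talisman options unrelated to CSP are omitted.

```python
# Constructed policy values; adapt the sources to what your deployment loads.
TALISMAN_ENABLED = True
TALISMAN_CONFIG = {
    "content_security_policy": {
        "default-src": ["'self'"],
        "img-src": ["'self'", "blob:", "data:"],
        "worker-src": ["'self'", "blob:"],
        "connect-src": ["'self'"],
        "object-src": "'none'",
        "style-src": ["'self'", "'unsafe-inline'"],
        "script-src": ["'self'", "'strict-dynamic'"],
    },
    # Ask flask-talisman to add a per-response nonce to script-src.
    "content_security_policy_nonce_in": ["script-src"],
}


def _sources(value):
    """A directive may be given as a string or a list; normalise to a list."""
    return value.split() if isinstance(value, str) else list(value)


def render_csp(policy):
    """Render the policy dict as a Content-Security-Policy header value."""
    return "; ".join(f"{name} {' '.join(_sources(src))}" for name, src in policy.items())


def audit_csp(policy):
    """Return findings for directives that weaken the policy (hypothetical helper)."""
    findings = []
    fallback = policy.get("default-src", [])
    if "default-src" not in policy:
        findings.append("default-src missing: unlisted resource types are unrestricted")
    scripts = _sources(policy.get("script-src", fallback))
    for token in ("'unsafe-inline'", "'unsafe-eval'", "*"):
        if token in scripts:
            findings.append(f"script-src lists {token}")
    if _sources(policy.get("object-src", fallback)) != ["'none'"]:
        findings.append("object-src is not 'none'")
    return findings
```

Comparing the `render_csp` output with the `Content-Security-Policy` header the running instance actually sends confirms that the configuration was picked up.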