pt
/
superset
mirror of https://github.com/apache/superset.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: Styles not loading because of faulty CSP setting (#25468)

This commit is contained in:
Kamil Gabryjelski 2023-09-29 20:54:32 +02:00 committed by GitHub
parent 7eab59af51
commit 0cebffd59a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
superset/config.py
View File

@ -1426,10 +1426,14 @@ TALISMAN_CONFIG = {
"https://events.mapbox.com",
],
"object-src": "'none'",
"style-src": ["'self'", "'unsafe-inline'"],
"style-src": [
"'self'",
"'unsafe-inline'",
"https://cdn.jsdelivr.net/npm/swagger-ui-dist@5/swagger-ui.css",
],
"script-src": ["'self'", "'strict-dynamic'"],
},
"content_security_policy_nonce_in": ["script-src", "style-src"],
"content_security_policy_nonce_in": ["script-src"],
"force_https": False,
}
# React requires `eval` to work correctly in dev mode
@ -1444,10 +1448,14 @@ TALISMAN_DEV_CONFIG = {
"https://events.mapbox.com",
],
"object-src": "'none'",
"style-src": ["'self'", "'unsafe-inline'"],
"style-src": [
"'self'",
"'unsafe-inline'",
"https://cdn.jsdelivr.net/npm/swagger-ui-dist@5/swagger-ui.css",
],
"script-src": ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
},
"content_security_policy_nonce_in": ["script-src", "style-src"],
"content_security_policy_nonce_in": ["script-src"],
"force_https": False,
}