mirror of https://github.com/apache/superset.git
refactor: Removes the deprecated ENABLE_EXPLORE_JSON_CSRF_PROTECTION feature flag (#26344)
parent
b06ab7d8e3
commit
cf20b3439c
|
@ -86,7 +86,6 @@ These features flags currently default to True and **will be removed in a future
|
|||
- DASHBOARD_CROSS_FILTERS
|
||||
- DASHBOARD_FILTERS_EXPERIMENTAL
|
||||
- DASHBOARD_NATIVE_FILTERS
|
||||
- ENABLE_EXPLORE_JSON_CSRF_PROTECTION
|
||||
- ENABLE_JAVASCRIPT_CONTROLS
|
||||
- GENERIC_CHART_AXES
|
||||
- KV_STORE
|
||||
|
|
|
@ -30,6 +30,7 @@ assists people when migrating to a new version.
|
|||
|
||||
### Breaking Changes
|
||||
|
||||
- [26344](https://github.com/apache/superset/issues/26344): Removes the deprecated `ENABLE_EXPLORE_JSON_CSRF_PROTECTION` feature flag. The previous value of the feature flag was `False` and now the feature is permanently removed.
|
||||
- [26345](https://github.com/apache/superset/issues/26345): Removes the deprecated `ENABLE_TEMPLATE_REMOVE_FILTERS` feature flag. The previous value of the feature flag was `True` and now the feature is permanently enabled.
|
||||
- [26346](https://github.com/apache/superset/issues/26346): Removes the deprecated `REMOVE_SLICE_LEVEL_LABEL_COLORS` feature flag. The previous value of the feature flag was `False` and now the feature is permanently removed.
|
||||
- [26348](https://github.com/apache/superset/issues/26348): Removes the deprecated `CLIENT_CACHE` feature flag. The previous value of the feature flag was `False` and now the feature is permanently removed.
|
||||
|
|
|
@ -358,7 +358,6 @@ You can enable or disable features with flag from `superset_config.py`:
|
|||
|
||||
```python
|
||||
FEATURE_FLAGS = {
|
||||
'ENABLE_EXPLORE_JSON_CSRF_PROTECTION': False,
|
||||
'PRESTO_EXPAND_DATA': False,
|
||||
}
|
||||
```
|
||||
|
|
|
@ -409,14 +409,6 @@ DEFAULT_FEATURE_FLAGS: dict[str, bool] = {
|
|||
# editor no longer shows. Currently this is set to false so that the editor
|
||||
# option does show, but we will be depreciating it.
|
||||
"DISABLE_LEGACY_DATASOURCE_EDITOR": True,
|
||||
# For some security concerns, you may need to enforce CSRF protection on
|
||||
# all query request to explore_json endpoint. In Superset, we use
|
||||
# `flask-csrf <https://sjl.bitbucket.io/flask-csrf/>`_ add csrf protection
|
||||
# for all POST requests, but this protection doesn't apply to GET method.
|
||||
# When ENABLE_EXPLORE_JSON_CSRF_PROTECTION is set to true, your users cannot
|
||||
# make GET request to explore_json. explore_json accepts both GET and POST request.
|
||||
# See `PR 7935 <https://github.com/apache/superset/pull/7935>`_ for more details.
|
||||
"ENABLE_EXPLORE_JSON_CSRF_PROTECTION": False, # deprecated
|
||||
"ENABLE_TEMPLATE_PROCESSING": False,
|
||||
# Allow for javascript controls components
|
||||
# this enables programmers to customize certain charts (like the
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
# pylint: disable=invalid-name
|
||||
# pylint: disable=too-many-lines
|
||||
from __future__ import annotations
|
||||
|
||||
import contextlib
|
||||
|
@ -238,19 +239,24 @@ class Superset(BaseSupersetView): # pylint: disable=too-many-public-methods
|
|||
except SupersetException as ex:
|
||||
return json_error_response(utils.error_msg_from_exception(ex), 400)
|
||||
|
||||
EXPLORE_JSON_METHODS = ["POST"]
|
||||
if not is_feature_enabled("ENABLE_EXPLORE_JSON_CSRF_PROTECTION"):
|
||||
EXPLORE_JSON_METHODS.append("GET")
|
||||
|
||||
@api
|
||||
@has_access_api
|
||||
@handle_api_exception
|
||||
@event_logger.log_this
|
||||
@expose(
|
||||
"/explore_json/<datasource_type>/<int:datasource_id>/",
|
||||
methods=EXPLORE_JSON_METHODS,
|
||||
methods=(
|
||||
"GET",
|
||||
"POST",
|
||||
),
|
||||
)
|
||||
@expose(
|
||||
"/explore_json/",
|
||||
methods=(
|
||||
"GET",
|
||||
"POST",
|
||||
),
|
||||
)
|
||||
@expose("/explore_json/", methods=EXPLORE_JSON_METHODS)
|
||||
@etag_cache()
|
||||
@check_resource_permissions(check_datasource_perms)
|
||||
@deprecated(eol_version="4.0.0")
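Review bot: Both `@expose` decorators on `explore_json` now list `"GET"` unconditionally, so a deployment that had set `ENABLE_EXPLORE_JSON_CSRF_PROTECTION` to `True` silently gets the GET route back on upgrade. According to the config comment this commit deletes, the CSRF protection applies only to POST requests, so the GET path depends on the handler having no side effects; the handler body is outside this hunk, so that should be confirmed rather than assumed. I would state the constraint next to the decorators, e.g. `# GET is outside the CSRF token check: this handler must stay read-only`, and have the UPDATING.md entry say explicitly that POST-only enforcement for this endpoint is no longer available. The endpoint is marked `@deprecated(eol_version="4.0.0")`, which limits how long this matters but not whether it does.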
|
||||
|
|
|
@ -559,8 +559,15 @@ class TestCore(SupersetTestCase):
|
|||
self.assertEqual(clean_query, rendered_query)
|
||||
|
||||
def test_slice_payload_no_datasource(self):
|
||||
form_data = {
|
||||
"viz_type": "dist_bar",
|
||||
}
|
||||
self.login(username="admin")
|
||||
data = self.get_json_resp("/superset/explore_json/", raise_on_error=False)
|
||||
rv = self.client.post(
|
||||
"/superset/explore_json/",
|
||||
data={"form_data": json.dumps(form_data)},
|
||||
)
|
||||
data = json.loads(rv.data.decode("utf-8"))
|
||||
|
||||
self.assertEqual(
|
||||
data["errors"][0]["message"],
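Review bot: The rewritten `test_slice_payload_no_datasource` exercises only POST, so the GET method that this commit makes permanently available on `/superset/explore_json/` has no assertion in this hunk. Per the config comment removed in this commit, GET is not covered by the CSRF protection, so a companion case that pins what a GET returns (for example the earlier call `self.get_json_resp("/superset/explore_json/", raise_on_error=False)`) would keep a later change to that path from going unnoticed. It would also help to assert on `rv.status_code` before `json.loads(rv.data.decode("utf-8"))`, so an unexpected non-JSON error response fails with a clear message. The test body continues past the end of the hunk.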
|
||||
|
|