This is an automated email from the ASF dual-hosted git repository.

dpgaspar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git


The following commit(s) were added to refs/heads/master by this push:
     new 1716b9f8f6 fix: swagger UI CSP error (#25368)
1716b9f8f6 is described below

commit 1716b9f8f68c7abe4c1a082e11ccdb26dbe6a3db
Author: Daniel Vaz Gaspar <[email protected]>
AuthorDate: Wed Sep 27 08:55:29 2023 +0100

    fix: swagger UI CSP error (#25368)
---
 requirements/base.txt | 2 +-
 setup.py              | 2 +-
 superset/config.py    | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/requirements/base.txt b/requirements/base.txt
index 4b420f4ee9..3370eceac4 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -96,7 +96,7 @@ flask==2.2.5
     #   flask-migrate
     #   flask-sqlalchemy
     #   flask-wtf
-flask-appbuilder==4.3.6
+flask-appbuilder==4.3.7
     # via apache-superset
 flask-babel==1.0.0
     # via flask-appbuilder
diff --git a/setup.py b/setup.py
index 79649c0167..6190eaf65c 100644
--- a/setup.py
+++ b/setup.py
@@ -84,7 +84,7 @@ setup(
         "cryptography>=41.0.2, <41.1.0",
         "deprecation>=2.1.0, <2.2.0",
         "flask>=2.2.5, <3.0.0",
-        "flask-appbuilder>=4.3.6, <5.0.0",
+        "flask-appbuilder>=4.3.7, <5.0.0",
         "flask-caching>=1.11.1, <2.0",
         "flask-compress>=1.13, <2.0",
         "flask-talisman>=1.0.0, <2.0",
diff --git a/superset/config.py b/superset/config.py
index 74f5df0e6e..e255fa5401 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -1429,7 +1429,7 @@ TALISMAN_CONFIG = {
         "style-src": ["'self'", "'unsafe-inline'"],
         "script-src": ["'self'", "'strict-dynamic'"],
     },
-    "content_security_policy_nonce_in": ["script-src"],
+    "content_security_policy_nonce_in": ["script-src", "style-src"],
     "force_https": False,
 }
 # React requires `eval` to work correctly in dev mode
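Review bot: Listing `style-src` in `content_security_policy_nonce_in` makes the `'unsafe-inline'` entry that stays in `style-src` a few lines above ineffective, because browsers implementing CSP Level 2 or later ignore `'unsafe-inline'` once a nonce or hash source appears in the same directive. A nonce only covers `<style>` and stylesheet `<link>` elements, so inline `style="..."` attributes and injected `<style>` tags without the nonce would now be blocked. Whether the frontend depends on those is not visible in this hunk, so it is worth checking with CSP violation reporting before release. I would add a comment above the key such as `# nonce in style-src: CSP2+ browsers ignore 'unsafe-inline' here; every <style> must carry the nonce`, or drop `'unsafe-inline'` from `style-src` if it is no longer needed. The same applies to the `TALISMAN_DEV_CONFIG` hunk below, and both dicts start outside their hunks.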
@@ -1447,7 +1447,7 @@ TALISMAN_DEV_CONFIG = {
         "style-src": ["'self'", "'unsafe-inline'"],
         "script-src": ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
     },
-    "content_security_policy_nonce_in": ["script-src"],
+    "content_security_policy_nonce_in": ["script-src", "style-src"],
     "force_https": False,
 }
 
