This is an automated email from the ASF dual-hosted git repository.

michaelsmolina pushed a commit to branch 3.0
in repository https://gitbox.apache.org/repos/asf/superset.git

commit 0c6db230afb42bea786cf939b0eb7a16c2f40893
Author: Daniel Vaz Gaspar <danielvazgas...@gmail.com>
AuthorDate: Wed Sep 27 08:55:29 2023 +0100

    fix: swagger UI CSP error (#25368)
    
    (cherry picked from commit 1716b9f8f68c7abe4c1a082e11ccdb26dbe6a3db)
---
 requirements/base.txt | 2 +-
 setup.py              | 2 +-
 superset/config.py    | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/requirements/base.txt b/requirements/base.txt
index 1a971fdab4..d6ee2e6a6b 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -88,7 +88,7 @@ flask==2.2.5
     #   flask-migrate
     #   flask-sqlalchemy
     #   flask-wtf
-flask-appbuilder==4.3.6
+flask-appbuilder==4.3.7
     # via apache-superset
 flask-babel==1.0.0
     # via flask-appbuilder
diff --git a/setup.py b/setup.py
index 060ea19732..3cb0c144b2 100644
--- a/setup.py
+++ b/setup.py
@@ -80,7 +80,7 @@ setup(
         "cryptography>=39.0.1, <40",
         "deprecation>=2.1.0, <2.2.0",
         "flask>=2.2.5, <3.0.0",
-        "flask-appbuilder>=4.3.6, <5.0.0",
+        "flask-appbuilder>=4.3.7, <5.0.0",
         "flask-caching>=1.11.1, <2.0",
         "flask-compress>=1.13, <2.0",
         "flask-talisman>=1.0.0, <2.0",
diff --git a/superset/config.py b/superset/config.py
index 3847555a05..6ec132d43e 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -1418,7 +1418,7 @@ TALISMAN_CONFIG = {
         "style-src": ["'self'", "'unsafe-inline'"],
         "script-src": ["'self'", "'strict-dynamic'"],
     },
-    "content_security_policy_nonce_in": ["script-src"],
+    "content_security_policy_nonce_in": ["script-src", "style-src"],
     "force_https": False,
 }
 # React requires `eval` to work correctly in dev mode
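Review bot: Adding `"style-src"` to `content_security_policy_nonce_in` makes the `'unsafe-inline'` entry in the `style-src` list above ineffective in browsers implementing CSP Level 2 or later, because a nonce in a source list causes `'unsafe-inline'` to be ignored for that directive. Inline `<style>` elements that do not carry the nonce, and `style="..."` attributes (which a nonce cannot cover), would then be blocked, so it is worth confirming that pages other than the Swagger UI still render under this policy. If the tightening is intended, a comment next to the key would help the next maintainer, for example `# a nonce in style-src overrides 'unsafe-inline' in CSP2+ browsers; inline styles must carry the nonce`. The same point applies to the `TALISMAN_DEV_CONFIG` hunk below, and both dicts begin outside their hunks, so any other directives they set are not visible here.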
@@ -1436,7 +1436,7 @@ TALISMAN_DEV_CONFIG = {
         "style-src": ["'self'", "'unsafe-inline'"],
         "script-src": ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
     },
-    "content_security_policy_nonce_in": ["script-src"],
+    "content_security_policy_nonce_in": ["script-src", "style-src"],
     "force_https": False,
 }
 
