This is an automated email from the ASF dual-hosted git repository.

kgabryje pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git


The following commit(s) were added to refs/heads/master by this push:
     new 0cebffd59a fix: Styles not loading because of faulty CSP setting 
(#25468)
0cebffd59a is described below

commit 0cebffd59a45bb7256e1817d9792dbe2793fba72
Author: Kamil Gabryjelski <[email protected]>
AuthorDate: Fri Sep 29 20:54:32 2023 +0200

    fix: Styles not loading because of faulty CSP setting (#25468)
---
 superset/config.py | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/superset/config.py b/superset/config.py
index f14eeaa968..20735a77ec 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -1426,10 +1426,14 @@ TALISMAN_CONFIG = {
             "https://events.mapbox.com";,
         ],
         "object-src": "'none'",
-        "style-src": ["'self'", "'unsafe-inline'"],
+        "style-src": [
+            "'self'",
+            "'unsafe-inline'",
+            "https://cdn.jsdelivr.net/npm/swagger-ui-dist@5/swagger-ui.css";,
+        ],
         "script-src": ["'self'", "'strict-dynamic'"],
     },
-    "content_security_policy_nonce_in": ["script-src", "style-src"],
+    "content_security_policy_nonce_in": ["script-src"],
     "force_https": False,
 }
 # React requires `eval` to work correctly in dev mode
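Review bot: Dropping `style-src` from `content_security_policy_nonce_in` is a security trade-off that the new code leaves undocumented. Browsers ignore `'unsafe-inline'` once a nonce is present in the directive, so with the nonce gone the `'unsafe-inline'` entry in `style-src` takes effect and inline styles are allowed without a nonce. Judging by the commit title, that is the intended fix, but a later reader may re-add the nonce as hardening and break styles again. I would add a comment above the setting such as `# style-src is deliberately not nonced: a nonce makes browsers ignore 'unsafe-inline', which inline styles in the UI appear to depend on`. The same edit is made to TALISMAN_DEV_CONFIG in the second hunk, and the TALISMAN_CONFIG dict opens outside this hunk.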
@@ -1444,10 +1448,14 @@ TALISMAN_DEV_CONFIG = {
             "https://events.mapbox.com";,
         ],
         "object-src": "'none'",
-        "style-src": ["'self'", "'unsafe-inline'"],
+        "style-src": [
+            "'self'",
+            "'unsafe-inline'",
+            "https://cdn.jsdelivr.net/npm/swagger-ui-dist@5/swagger-ui.css";,
+        ],
         "script-src": ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
     },
-    "content_security_policy_nonce_in": ["script-src", "style-src"],
+    "content_security_policy_nonce_in": ["script-src"],
     "force_https": False,
 }
 
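Review bot: The added `style-src` source pins `swagger-ui-dist@5` only to a major version on a third-party CDN, so the stylesheet allowed by this policy can change without any change to this file. Pinning an exact release in the URL (`.../swagger-ui-dist@<exact-version>/swagger-ui.css`) or serving the stylesheet from `'self'` would keep the allowance tied to reviewed content. A short comment saying which view needs it (presumably the Swagger API docs page) would also help, for example `# Swagger UI stylesheet, loaded from the CDN by the API docs view`. The same entry is added to TALISMAN_CONFIG in the first hunk, and the TALISMAN_DEV_CONFIG dict opens outside this hunk.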
