This is an automated email from the ASF dual-hosted git repository. michaelsmolina pushed a commit to branch 3.0 in repository https://gitbox.apache.org/repos/asf/superset.git
commit 0dd1a3bea5baf403d9081f0f2cf83b61ce0245ba
Author: Kamil Gabryjelski <[email protected]>
AuthorDate: Fri Sep 29 20:54:32 2023 +0200
fix: Styles not loading because of faulty CSP setting (#25468)
(cherry picked from commit 0cebffd59a45bb7256e1817d9792dbe2793fba72)
---
superset/config.py | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/superset/config.py b/superset/config.py
index 6ec132d43e..bda7d0e5f0 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -1415,10 +1415,14 @@ TALISMAN_CONFIG = {
 "https://events.mapbox.com",
 ],
 "object-src": "'none'",
- "style-src": ["'self'", "'unsafe-inline'"],
+ "style-src": [
+ "'self'",
+ "'unsafe-inline'",
+ "https://cdn.jsdelivr.net/npm/swagger-ui-dist@5/swagger-ui.css",
+ ],
 "script-src": ["'self'", "'strict-dynamic'"],
 },
- "content_security_policy_nonce_in": ["script-src", "style-src"],
+ "content_security_policy_nonce_in": ["script-src"],
 "force_https": False,
 }
 # React requires `eval` to work correctly in dev mode
@@ -1433,10 +1437,14 @@ TALISMAN_DEV_CONFIG = {
 "https://events.mapbox.com",
 ],
 "object-src": "'none'",
- "style-src": ["'self'", "'unsafe-inline'"],
+ "style-src": [
+ "'self'",
+ "'unsafe-inline'",
+ "https://cdn.jsdelivr.net/npm/swagger-ui-dist@5/swagger-ui.css",
+ ],
 "script-src": ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
 },
- "content_security_policy_nonce_in": ["script-src"],
 "force_https": False,
 }
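Review bot: Dropping `style-src` from `content_security_policy_nonce_in` leaves `'unsafe-inline'` as the only control on inline styles, and nothing in the new lines records that this is deliberate; it applies to TALISMAN_CONFIG in the first hunk and TALISMAN_DEV_CONFIG in the second. Browsers ignore `'unsafe-inline'` in a directive that also carries a nonce, which is presumably why styles broke, so a later "hardening" change that re-adds the nonce would reintroduce the bug. I would add a comment above each nonce list, for example `# style-src is intentionally not nonced: a nonce makes browsers ignore 'unsafe-inline' and blocks the UI's inline styles`. The new jsdelivr source follows the floating `@5` tag on a third-party CDN and CSP allows it by URL only, so consider serving the Swagger UI stylesheet from `'self'` or pinning an exact version with an `integrity` attribute where the `<link>` is rendered, which is outside this diff. Both dict literals begin before their hunks, so the rest of each policy is not visible here.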
