This is an automated email from the ASF dual-hosted git repository. michaelsmolina pushed a commit to branch 3.1 in repository https://gitbox.apache.org/repos/asf/superset.git
commit 3d7b827d7986e4e70e967b2274649625c8c0dfc7 Author: Daniel Vaz Gaspar <[email protected]> AuthorDate: Wed Dec 13 11:45:14 2023 +0000 chore: improve CSP add base uri restriction (#26251) (cherry picked from commit 578a899152719415c65c24055f4378b838ded435) --- superset/config.py | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/superset/config.py b/superset/config.py
index 98f87e6f02..ca801442d9 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -1425,6 +1425,7 @@ TALISMAN_ENABLED = utils.cast_to_boolean(os.environ.get("TALISMAN_ENABLED", True
 # If you want Talisman, how do you want it configured??
 TALISMAN_CONFIG = {
 "content_security_policy": {
+ "base-uri": ["'self'"],
 "default-src": ["'self'"],
 "img-src": ["'self'", "blob:", "data:"],
 "worker-src": ["'self'", "blob:"],
@@ -1447,6 +1448,7 @@ TALISMAN_CONFIG = {
 # React requires `eval` to work correctly in dev mode
 TALISMAN_DEV_CONFIG = {
 "content_security_policy": {
+ "base-uri": ["'self'"],
 "default-src": ["'self'"],
 "img-src": ["'self'", "blob:", "data:"],
 "worker-src": ["'self'", "blob:"],
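Review bot: The added `"base-uri": ["'self'"]` entry in TALISMAN_CONFIG has no comment saying why it sits next to `default-src`, yet `base-uri` is one of the CSP directives that does not fall back to `default-src`, so a later cleanup could drop it as redundant. I would put a comment above it, for example `# base-uri does not inherit from default-src; keep <base href> same-origin`. The second hunk adds the identical line to TALISMAN_DEV_CONFIG and the same comment applies there. Deployments that define their own TALISMAN_CONFIG presumably replace the whole dict and will not pick this directive up, so a line in the upgrade notes telling operators to add it would help. Both dicts continue past the end of their hunks, so I cannot tell whether `form-action` and `frame-ancestors`, which also do not inherit from `default-src`, are already set further down.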
