This is an automated email from the ASF dual-hosted git repository.
maximebeauchemin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git
The following commit(s) were added to refs/heads/master by this push:
new 9bb3a5782d fix(config): correct slack image url in talisman (#32778)
9bb3a5782d is described below
commit 9bb3a5782da7035a9d316f6e4f146f4b8309b611
Author: V9 Developer <[email protected]>
AuthorDate: Fri Mar 21 22:02:51 2025 +0530
fix(config): correct slack image url in talisman (#32778)
---
docs/docs/security/security.mdx | 43 +++++++++++++++++++++++++++++++++++++++++
superset/config.py | 7 +++++--
2 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/docs/docs/security/security.mdx b/docs/docs/security/security.mdx
index f8abdfcc6d..d665547760 100644
--- a/docs/docs/security/security.mdx
+++ b/docs/docs/security/security.mdx
@@ -280,6 +280,49 @@ TALISMAN_CONFIG = {
"content_security_policy": { ...
```
+#### Configuring Talisman in Superset
+
+Talisman settings in Superset can be modified using superset_config.py. If you
need to adjust security policies, you can override the default configuration.
+
+Example: Overriding Talisman Configuration in superset_config.py for loading
images form s3 or other external sources.
+
+```python
+TALISMAN_CONFIG = {
+ "content_security_policy": {
+ "base-uri": ["'self'"],
+ "default-src": ["'self'"],
+ "img-src": [
+ "'self'",
+ "blob:",
+ "data:",
+ "https://apachesuperset.gateway.scarf.sh",
+ "https://static.scarf.sh/",
+ # "https://cdn.brandfolder.io", # Uncomment when
SLACK_ENABLE_AVATARS is True # noqa: E501
+ "ows.terrestris.de",
+ "aws.s3.com", # Add Your Bucket or external data source
+ ],
+ "worker-src": ["'self'", "blob:"],
+ "connect-src": [
+ "'self'",
+ "https://api.mapbox.com",
+ "https://events.mapbox.com",
+ ],
+ "object-src": "'none'",
+ "style-src": [
+ "'self'",
+ "'unsafe-inline'",
+ ],
+ "script-src": ["'self'", "'strict-dynamic'"],
+ },
+ "content_security_policy_nonce_in": ["script-src"],
+ "force_https": False,
+ "session_cookie_secure": False,
+}
+```
+
+# For more information on setting up Talisman, please refer to
+https://superset.apache.org/docs/configuration/networking-settings/#changing-flask-talisman-csp
+
### Reporting Security Vulnerabilities
Apache Software Foundation takes a rigorous standpoint in annihilating the
security issues in its
diff --git a/superset/config.py b/superset/config.py
index 2d16d43290..7d667ed699 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -1614,6 +1614,9 @@ CONTENT_SECURITY_POLICY_WARNING = True
TALISMAN_ENABLED = utils.cast_to_boolean(os.environ.get("TALISMAN_ENABLED",
True))
# If you want Talisman, how do you want it configured??
+# For more information on setting up Talisman, please refer to
+#
https://superset.apache.org/docs/configuration/networking-settings/#changing-flask-talisman-csp
+
TALISMAN_CONFIG = {
"content_security_policy": {
"base-uri": ["'self'"],
@@ -1624,7 +1627,7 @@ TALISMAN_CONFIG = {
"data:",
"https://apachesuperset.gateway.scarf.sh",
"https://static.scarf.sh/",
- # "https://avatars.slack-edge.com", # Uncomment when
SLACK_ENABLE_AVATARS is True # noqa: E501
+ # "https://cdn.brandfolder.io", # Uncomment when
SLACK_ENABLE_AVATARS is True # noqa: E501
"ows.terrestris.de",
],
"worker-src": ["'self'", "blob:"],
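Review bot: The swapped-in `# "https://cdn.brandfolder.io"` line carries only the old trailing hint, so nothing in the file records why this host is an image source; a reader of TALISMAN_CONFIG cannot tell from the entry that cdn.brandfolder.io is where Slack avatar images are served from. Because it is a shared third-party asset CDN, the img-src entry also admits any image hosted there rather than only Slack's, which is worth stating next to the entry, e.g. `# "https://cdn.brandfolder.io",  # Slack avatar CDN (shared third-party host); uncomment when SLACK_ENABLE_AVATARS is True  # noqa: E501`. The same comment belongs on the live entry in TALISMAN_DEV_CONFIG in the next hunk, which allows the host unconditionally. If some avatars are still delivered from avatars.slack-edge.com, replacing the host rather than adding the new one would break those, so the replacement may need confirming against the avatar URLs Slack actually returns. The TALISMAN_CONFIG dict begins and ends outside this hunk.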
@@ -1655,7 +1658,7 @@ TALISMAN_DEV_CONFIG = {
"data:",
"https://apachesuperset.gateway.scarf.sh",
"https://static.scarf.sh/",
- "https://avatars.slack-edge.com",
+ "https://cdn.brandfolder.io",
"ows.terrestris.de",
],
"worker-src": ["'self'", "blob:"],