This is an automated email from the ASF dual-hosted git repository.

michaelsmolina pushed a commit to branch 5.0
in repository https://gitbox.apache.org/repos/asf/superset.git

commit 231d9a321ae3aaf777c032c22df69f785f18ad75
Author: V9 Developer <[email protected]>
AuthorDate: Fri Mar 21 22:02:51 2025 +0530

    fix(config): correct slack image url in talisman (#32778)
    
    (cherry picked from commit 9bb3a5782da7035a9d316f6e4f146f4b8309b611)
---
 docs/docs/security/security.mdx | 43 +++++++++++++++++++++++++++++++++++++++++
 superset/config.py              |  7 +++++--
 2 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/docs/docs/security/security.mdx b/docs/docs/security/security.mdx
index b2e805c2b5..839b5afa94 100644
--- a/docs/docs/security/security.mdx
+++ b/docs/docs/security/security.mdx
@@ -281,6 +281,49 @@ TALISMAN_CONFIG = {
     "content_security_policy": { ...
 ```
 
+#### Configuring Talisman in Superset
+
+Talisman settings in Superset can be modified using superset_config.py. If you 
need to adjust security policies, you can override the default configuration.
+
+Example: Overriding Talisman Configuration in superset_config.py for loading 
images form s3 or other external sources.
+
+```python
+TALISMAN_CONFIG = {
+    "content_security_policy": {
+        "base-uri": ["'self'"],
+        "default-src": ["'self'"],
+        "img-src": [
+            "'self'",
+            "blob:",
+            "data:",
+            "https://apachesuperset.gateway.scarf.sh";,
+            "https://static.scarf.sh/";,
+            # "https://cdn.brandfolder.io";, # Uncomment when 
SLACK_ENABLE_AVATARS is True  # noqa: E501
+            "ows.terrestris.de",
+            "aws.s3.com", # Add Your Bucket or external data source
+        ],
+        "worker-src": ["'self'", "blob:"],
+        "connect-src": [
+            "'self'",
+            "https://api.mapbox.com";,
+            "https://events.mapbox.com";,
+        ],
+        "object-src": "'none'",
+        "style-src": [
+            "'self'",
+            "'unsafe-inline'",
+        ],
+        "script-src": ["'self'", "'strict-dynamic'"],
+    },
+    "content_security_policy_nonce_in": ["script-src"],
+    "force_https": False,
+    "session_cookie_secure": False,
+}
+```
+
+# For more information on setting up Talisman, please refer to
+https://superset.apache.org/docs/configuration/networking-settings/#changing-flask-talisman-csp
+
 ### Reporting Security Vulnerabilities
 
 Apache Software Foundation takes a rigorous standpoint in annihilating the 
security issues in its
diff --git a/superset/config.py b/superset/config.py
index 3452c045b4..cf29e66127 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -1608,6 +1608,9 @@ CONTENT_SECURITY_POLICY_WARNING = True
 TALISMAN_ENABLED = utils.cast_to_boolean(os.environ.get("TALISMAN_ENABLED", 
True))
 
 # If you want Talisman, how do you want it configured??
+# For more information on setting up Talisman, please refer to
+# 
https://superset.apache.org/docs/configuration/networking-settings/#changing-flask-talisman-csp
+
 TALISMAN_CONFIG = {
     "content_security_policy": {
         "base-uri": ["'self'"],
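Review bot: The blank line added after the documentation URL detaches the comment block (including the existing "how do you want it configured??" line) from the `TALISMAN_CONFIG` assignment it introduces, leaving an orphaned comment followed by a gap. Keep the pointer attached to the dict by dropping that blank `+` line, so `# https://superset.apache.org/docs/configuration/networking-settings/#changing-flask-talisman-csp` is immediately followed by `TALISMAN_CONFIG = {`. The dict body continues past the end of the hunk.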
@@ -1618,7 +1621,7 @@ TALISMAN_CONFIG = {
             "data:",
             "https://apachesuperset.gateway.scarf.sh";,
             "https://static.scarf.sh/";,
-            # "https://avatars.slack-edge.com";, # Uncomment when 
SLACK_ENABLE_AVATARS is True  # noqa: E501
+            # "https://cdn.brandfolder.io";, # Uncomment when 
SLACK_ENABLE_AVATARS is True  # noqa: E501
             "ows.terrestris.de",
         ],
         "worker-src": ["'self'", "blob:"],
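Review bot: The commented-out `img-src` entry is switched from `avatars.slack-edge.com` to `cdn.brandfolder.io` without saying why, so a maintainer who later enables `SLACK_ENABLE_AVATARS` cannot tell whether the old host was wrong, whether both are needed, or where the new host was taken from. Because this is a CSP allow-list, the comment should record the origin of the host, e.g. `# Slack avatar images are served from this CDN; add it to img-src when SLACK_ENABLE_AVATARS is True`, with a pointer to the Slack API field those URLs come from if known. If `cdn.brandfolder.io` is a shared asset CDN rather than a Slack-only origin — I could not confirm that from this diff — allow-listing it admits images from any tenant of that CDN, which is low impact for `img-src` but worth stating in the same comment. The same host change is made unconditionally in `TALISMAN_DEV_CONFIG` in the following hunk, where no explanatory comment exists at all.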
@@ -1649,7 +1652,7 @@ TALISMAN_DEV_CONFIG = {
             "data:",
             "https://apachesuperset.gateway.scarf.sh";,
             "https://static.scarf.sh/";,
-            "https://avatars.slack-edge.com";,
+            "https://cdn.brandfolder.io";,
             "ows.terrestris.de",
         ],
         "worker-src": ["'self'", "blob:"],
