v9dev opened a new issue, #32606: URL: https://github.com/apache/superset/issues/32606
### Bug description

### **Issue: Update Slack Image URL in Talisman Configuration**

**Description:**

The current Talisman configuration in Apache Superset includes an outdated or incorrect Slack image URL: `https://avatars.slack-edge.com/`, which results in an **Access Denied** error when trying to load Slack-related images.

At first, I thought the issue was with loading images generally, but after investigating the URL, I realized that the Slack image could not be fetched. To temporarily resolve the issue, I allowed images from any source using a wildcard (`*`), but this is not a good security practice.

I attempted enabling Slack thumbnails with the assumption that if it worked, I could also add my S3 bucket URL. However, since the Slack image failed to load, I used my S3 bucket instead, and it worked. Later, I found that using Slack’s CDN URL (`https://cdn.brandfolder.io/`) in Talisman allowed the Slack image to load successfully.

---

### **Proposed Fix:**

1. **Update the Slack image URL** in `TALISMAN_DEV_CONFIG` to use `https://cdn.brandfolder.io/` instead of `https://avatars.slack-edge.com/`.
2. **Add documentation** explaining how to configure Talisman for loading external images in Superset.
3. Provide guidance on **securely allowing image sources** (e.g., from S3 or other services) without using wildcards.

---

### **Steps to Reproduce:**

1. Run Superset with the current `TALISMAN_DEV_CONFIG`.
2. Try loading a Slack-related image (e.g., in `Slack_Dashboard.yaml`).
3. Observe that the image URL (`https://avatars.slack-edge.com/`) returns an **Access Denied** error.
4. Replace the URL with `https://cdn.brandfolder.io/` and confirm that the issue is resolved.

---

### **Expected Behavior:**

- Slack images should load correctly using the updated CDN URL.
- Users should be able to configure external images (e.g., from S3) with clear documentation.
- The Talisman policy should be secure and not rely on wildcards.

---

### **Additional Context:**

- Current problematic URL: `https://avatars.slack-edge.com/`
- Working URL: `https://cdn.brandfolder.io/`
- The issue was identified while testing Slack thumbnails and integrating S3 image hosting.

Would appreciate if this could be updated in the codebase and documented for other users who may face similar issues. Thanks! 🙌

### Screenshots/recordings

_No response_

### Superset version

master / latest-dev

### Python version

3.11

### Node version

18 or greater

### Browser

Chrome

### Additional context

Yes, I enabled `"SLACK_ENABLE_AVATARS": True`.

### Checklist

- [x] I have searched Superset docs and Slack and didn't find a solution to my problem.
- [x] I have searched the GitHub issue tracker and didn't find a similar bug report.
- [x] I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.
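
The issue asks for a way to allow specific image hosts without falling back to `*`. The sketch below is an added example, not part of the original issue or Superset's own code: it builds an `img-src` allowlist in the dict shape that flask-talisman's `content_security_policy` option accepts, rejecting wildcard and non-HTTPS entries. The S3 bucket hostname and all function names are assumptions, and the URL check is a simplified model of CSP host-source matching.

```python
from urllib.parse import urlsplit

# Constructed sample list: the CDN host is the one named in the issue,
# the S3 bucket host is a placeholder.
IMAGE_ORIGINS = [
    "https://cdn.brandfolder.io/",
    "https://example-bucket.s3.amazonaws.com/",
]


def _https_origin(url: str):
    """Return 'https://host[:port]' for an https URL, else None."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return None
    # urlsplit lowercases hostname; 443 is the default port and is dropped.
    if parts.port in (None, 443):
        return f"https://{parts.hostname}"
    return f"https://{parts.hostname}:{parts.port}"


def validate_source(source: str) -> str:
    """Accept only a fully named https origin; refuse anything broader."""
    if "*" in source:
        raise ValueError(f"wildcard source not allowed: {source!r}")
    origin = _https_origin(source)
    if origin is None:
        raise ValueError(f"expected an https origin: {source!r}")
    return origin


def build_csp(origins):
    """CSP dict with same-origin defaults plus explicitly named image hosts."""
    img_src = ["'self'"] + [validate_source(o) for o in origins]
    return {"default-src": ["'self'"], "img-src": img_src}


def image_allowed(url: str, csp) -> bool:
    """Simplified check for external images: exact origin match only."""
    origin = _https_origin(url)
    return origin is not None and origin in csp["img-src"]


if __name__ == "__main__":
    csp = build_csp(IMAGE_ORIGINS)
    print(csp["img-src"])
    for url in ("https://cdn.brandfolder.io/logo.png",
                "https://avatars.slack-edge.com/avatar.png"):
        print(url, "->", "allowed" if image_allowed(url, csp) else "blocked")
```

Running a check like this over the image URLs a dashboard actually references shows which hosts need an allowlist entry before the policy is deployed.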
