mistercrunch commented on PR #33550: URL: https://github.com/apache/superset/pull/33550#issuecomment-2942043947
From my understanding I think it's safe where that page should only render if the user has access to the dashboard. What would be a security concern is if we returned metadata to an unauthenticated user to enable [unauthenticated] Slack (and everything else). About touching `superset/embedded/view.py` I don't think the meta tags will make it through an iframe but probably doesn't hurt. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
