bito-code-review[bot] commented on PR #41004: URL: https://github.com/apache/superset/pull/41004#issuecomment-4709857925
Adding an inline comment documenting the security invariant is a good practice for maintainability and future-proofing. The logic described—that embedded guest sessions cannot fetch CSRF tokens and that the endpoint is already CSRF-exempt server-side—is a critical security detail that justifies the client-side behavior. Since this is a non-blocking suggestion, you can add a brief comment near the logic that skips the CSRF token fetch in `useStreamingExport.ts`. This will help future developers understand why this specific path is safe and prevent accidental regressions during future refactors.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
