From 0c6db230afb42bea786cf939b0eb7a16c2f40893 Mon Sep 17 00:00:00 2001 From: Daniel Vaz Gaspar Date: Wed, 27 Sep 2023 08:55:29 +0100 Subject: [PATCH] fix: swagger UI CSP error (#25368) (cherry picked from commit 1716b9f8f68c7abe4c1a082e11ccdb26dbe6a3db) --- requirements/base.txt | 2 +- setup.py | 2 +- superset/config.py | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/base.txt b/requirements/base.txt index 1a971fdab4910..d6ee2e6a6b9ef 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -88,7 +88,7 @@ flask==2.2.5 # flask-migrate # flask-sqlalchemy # flask-wtf -flask-appbuilder==4.3.6 +flask-appbuilder==4.3.7 # via apache-superset flask-babel==1.0.0 # via flask-appbuilder diff --git a/setup.py b/setup.py index 060ea19732b9b..3cb0c144b2f58 100644 --- a/setup.py +++ b/setup.py @@ -80,7 +80,7 @@ def get_git_sha() -> str: "cryptography>=39.0.1, <40", "deprecation>=2.1.0, <2.2.0", "flask>=2.2.5, <3.0.0", - "flask-appbuilder>=4.3.6, <5.0.0", + "flask-appbuilder>=4.3.7, <5.0.0", "flask-caching>=1.11.1, <2.0", "flask-compress>=1.13, <2.0", "flask-talisman>=1.0.0, <2.0", diff --git a/superset/config.py b/superset/config.py index 3847555a055ba..6ec132d43e53e 100644 --- a/superset/config.py +++ b/superset/config.py @@ -1418,7 +1418,7 @@ def EMAIL_HEADER_MUTATOR( # pylint: disable=invalid-name,unused-argument "style-src": ["'self'", "'unsafe-inline'"], "script-src": ["'self'", "'strict-dynamic'"], }, - "content_security_policy_nonce_in": ["script-src"], + "content_security_policy_nonce_in": ["script-src", "style-src"], "force_https": False, } # React requires `eval` to work correctly in dev mode @@ -1436,7 +1436,7 @@ def EMAIL_HEADER_MUTATOR( # pylint: disable=invalid-name,unused-argument "style-src": ["'self'", "'unsafe-inline'"], "script-src": ["'self'", "'unsafe-inline'", "'unsafe-eval'"], }, - "content_security_policy_nonce_in": ["script-src"], + "content_security_policy_nonce_in": ["script-src", "style-src"], "force_https": False, }