Skip to content

Commit

Permalink
fix: Styles not loading because of faulty CSP setting (#25468)
Browse files Browse the repository at this point in the history
  • Loading branch information
kgabryje authored Sep 29, 2023
1 parent 7eab59a commit 0cebffd
Showing 1 changed file with 12 additions and 4 deletions.
16 changes: 12 additions & 4 deletions superset/config.py
Original file line number Diff line number Diff line change
Expand Up @@ -1426,10 +1426,14 @@ def EMAIL_HEADER_MUTATOR( # pylint: disable=invalid-name,unused-argument
"https://events.mapbox.com",
],
"object-src": "'none'",
"style-src": ["'self'", "'unsafe-inline'"],
"style-src": [
"'self'",
"'unsafe-inline'",
"https://cdn.jsdelivr.net/npm/swagger-ui-dist@5/swagger-ui.css",
],
"script-src": ["'self'", "'strict-dynamic'"],
},
"content_security_policy_nonce_in": ["script-src", "style-src"],
"content_security_policy_nonce_in": ["script-src"],
"force_https": False,
}
# React requires `eval` to work correctly in dev mode
Expand All @@ -1444,10 +1448,14 @@ def EMAIL_HEADER_MUTATOR( # pylint: disable=invalid-name,unused-argument
"https://events.mapbox.com",
],
"object-src": "'none'",
"style-src": ["'self'", "'unsafe-inline'"],
"style-src": [
"'self'",
"'unsafe-inline'",
"https://cdn.jsdelivr.net/npm/swagger-ui-dist@5/swagger-ui.css",
],
"script-src": ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
},
"content_security_policy_nonce_in": ["script-src", "style-src"],
"content_security_policy_nonce_in": ["script-src"],
"force_https": False,
}

Expand Down

0 comments on commit 0cebffd

Please sign in to comment.