Skip to content

chore: improve CSP add base uri restriction#26251

Merged
dpgaspar merged 1 commit into
apache:masterfrom
preset-io:fix/csp-base-uri
Dec 13, 2023
Merged

chore: improve CSP add base uri restriction#26251
dpgaspar merged 1 commit into
apache:masterfrom
preset-io:fix/csp-base-uri

Conversation

@dpgaspar
Copy link
Copy Markdown
Member

@dpgaspar dpgaspar commented Dec 12, 2023
edited
Loading

SUMMARY

Improves our current default CSP policy by adding base-uri to self. base-uri directive restricts the URLs which can be used in a document's element.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags:
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API

@dpgaspar dpgaspar added the v3.1 Label added by the release manager to track PRs to be included in the 3.1 branch label Dec 12, 2023
@michael-s-molina michael-s-molina added the v3.0 Label added by the release manager to track PRs to be included in the 3.0 branch label Dec 12, 2023
@codecov
Copy link
Copy Markdown

codecov Bot commented Dec 12, 2023
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 69.17%. Comparing base (8644b1a) to head (45fab1b).
Report is 2295 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #26251      +/-   ##
==========================================
- Coverage   69.21%   69.17%   -0.05%     
==========================================
  Files        1941     1942       +1     
  Lines       75910    75947      +37     
  Branches     8458     8458              
==========================================
- Hits        52541    52536       -5     
- Misses      21174    21216      +42     
  Partials     2195     2195
Flag Coverage Δ
hive 53.67% <ø> (-0.01%) ⬇️
mysql 78.08% <ø> (-0.07%) ⬇️
postgres 78.18% <ø> (-0.09%) ⬇️
presto 53.62% <ø> (-0.01%) ⬇️
python 82.86% <ø> (-0.10%) ⬇️
sqlite 76.83% <ø> (-0.09%) ⬇️
unit 55.79% <ø> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

kgabryje
kgabryje approved these changes Dec 12, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@kgabryje kgabryje left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@nytai
Copy link
Copy Markdown
Member

nytai commented Dec 13, 2023

@rusackas do we have any front-end logging enabled by default? This might affect any telemetry we might have recently added

@dpgaspar dpgaspar merged commit 578a899 into apache:master Dec 13, 2023
@dpgaspar dpgaspar deleted the fix/csp-base-uri branch December 13, 2023 11:45
@rusackas
Copy link
Copy Markdown
Member

rusackas commented Dec 13, 2023

@rusackas do we have any front-end logging enabled by default? This might affect any telemetry we might have recently added

I think we'll be OK with the telemetry. The PR is still open until I sort out the tests, but the only change to the CSP change there just pokes a couple holes in the img-src setting.

michael-s-molina pushed a commit that referenced this pull request Dec 15, 2023
@dpgaspar @michael-s-molina
chore: improve CSP add base uri restriction (#26251)
c878e2e 
(cherry picked from commit 578a899)
michael-s-molina pushed a commit that referenced this pull request Dec 18, 2023
@dpgaspar @michael-s-molina
chore: improve CSP add base uri restriction (#26251)
3d7b827 
(cherry picked from commit 578a899)
josedev-union pushed a commit to Ortege-xyz/studio that referenced this pull request Jan 22, 2024
@dpgaspar @josedev-union
chore: improve CSP add base uri restriction (apache#26251)
0bb1ef0 
(cherry picked from commit 578a899)
@mistercrunch mistercrunch added 🍒 3.0.3 Cherry-picked to 3.0.3 🍒 3.0.4 Cherry-picked to 3.0.4 🍒 3.1.0 Cherry-picked to 3.1.0 🍒 3.1.1 Cherry-picked to 3.1.1 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels labels Mar 8, 2024
vinothkumar66 pushed a commit to vinothkumar66/superset that referenced this pull request Nov 11, 2024
@dpgaspar
chore: improve CSP add base uri restriction (apache#26251)
3c189b3
@github-actions github-actions Bot added 🍒 3.1.2 Cherry-picked to 3.1.2 🍒 3.1.3 Cherry-picked to 3.1.3 🚢 4.0.0 First shipped in 4.0.0 labels Feb 4, 2025
qfcwell pushed a commit to qfcwell/superset that referenced this pull request May 12, 2026
@dpgaspar
chore: improve CSP add base uri restriction (apache#26251)
e3ce147
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nytai nytai nytai approved these changes

@kgabryje kgabryje kgabryje approved these changes

@villebro villebro Awaiting requested review from villebro

@eschutho eschutho Awaiting requested review from eschutho

@michael-s-molina michael-s-molina Awaiting requested review from michael-s-molina

Assignees

No one assigned

Labels

🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels size/XS v3.0 Label added by the release manager to track PRs to be included in the 3.0 branch v3.1 Label added by the release manager to track PRs to be included in the 3.1 branch 🍒 3.0.3 Cherry-picked to 3.0.3 🍒 3.0.4 Cherry-picked to 3.0.4 🍒 3.1.0 Cherry-picked to 3.1.0 🍒 3.1.1 Cherry-picked to 3.1.1 🍒 3.1.2 Cherry-picked to 3.1.2 🍒 3.1.3 Cherry-picked to 3.1.3 🚢 4.0.0 First shipped in 4.0.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@dpgaspar @nytai @rusackas @kgabryje @mistercrunch @michael-s-molina