mistercrunch closed pull request #4741: Set longer CSRF token duration (one week)
URL: https://github.com/apache/incubator-superset/pull/4741

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/docs/installation.rst b/docs/installation.rst
index 725dd9c28e..3036255272 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -242,17 +242,29 @@ of the parameters you can copy / paste in that 
configuration module: ::
     WTF_CSRF_ENABLED = True
     # Add endpoints that need to be exempt from CSRF protection
     WTF_CSRF_EXEMPT_LIST = []
+    # A CSRF token that expires in 1 year
+    WTF_CSRF_TIME_LIMIT = 60 * 60 * 24 * 365
 
     # Set this API key to enable Mapbox visualizations
     MAPBOX_API_KEY = ''
 
-This file also allows you to define configuration parameters used by
-Flask App Builder, the web framework used by Superset. Please consult
+All the parameters and default values defined in
+https://github.com/apache/incubator-superset/blob/master/superset/config.py
+can be altered in your local ``superset_config.py`` .
+Administrators will want to
+read through the file to understand what can be configured locally
+as well as the default values in place.
+
+Since ``superset_config.py`` acts as a Flask configuration module, it
+can be used to alter the settings Flask itself,
+as well as Flask extensions like ``flask-wtf``, ``flask-cache``,
+``flask-migrate``, and ``flask-appbuilder``. Flask App Builder, the web
+framework used by Superset offers many configuration settings. Please consult
 the `Flask App Builder Documentation
 <http://flask-appbuilder.readthedocs.org/en/latest/config.html>`_
-for more information on how to configure Superset.
+for more information on how to configure it.
 
-Please make sure to change:
+Make sure to change:
 
 * *SQLALCHEMY_DATABASE_URI*, by default it is stored at 
*~/.superset/superset.db*
 * *SECRET_KEY*, to a long random string
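
Review bot: The sample configuration in this hunk sets WTF_CSRF_TIME_LIMIT = 60 * 60 * 24 * 365 under the comment "A CSRF token that expires in 1 year", which disagrees with the one-week default (60 * 60 * 24 * 7) that the same PR adds to superset/config.py and with the PR title. The surrounding text invites administrators to copy / paste this block, so the docs would steer deployments to a token lifetime roughly 52 times longer than the shipped default. Suggest using the one-week value here as well, or saying explicitly that one year only illustrates overriding the default. Smaller wording points in the added prose: "alter the settings Flask itself" is missing "of", there is a stray space before the period after ``superset_config.py``, and "framework used by Superset offers" needs a comma after "Superset".
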
diff --git a/superset/config.py b/superset/config.py
index 34788b40c1..6075352e27 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -357,6 +357,9 @@ class CeleryConfig(object):
 # It will be appended at the bottom of sql_lab errors.
 TROUBLESHOOTING_LINK = ''
 
+# CSRF token timeout, set to None for a token that never expires
+WTF_CSRF_TIME_LIMIT = 60 * 60 * 24 * 7
+
 # This link should lead to a page with instructions on how to gain access to a
 # Datasource. It will be placed at the bottom of permissions errors.
 PERMISSION_INSTRUCTIONS_LINK = ''
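
Review bot: The new comment above WTF_CSRF_TIME_LIMIT states neither the unit nor the resulting duration, so a reader has to multiply out 60 * 60 * 24 * 7 to learn that the default is one week expressed in seconds. Suggest something like "# CSRF token timeout in seconds (default: one week); set to None for a token that never expires". Because the comment advertises None as an option, it would also help to note that a longer or unlimited lifetime keeps a captured token usable for longer, so administrators pick that value deliberately.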


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services
