mistercrunch closed pull request #4741: Set longer CSRF token duration (one week) URL: https://github.com/apache/incubator-superset/pull/4741
This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/docs/installation.rst b/docs/installation.rst index 725dd9c28e..3036255272 100644 --- a/docs/installation.rst +++ b/docs/installation.rst @@ -242,17 +242,29 @@ of the parameters you can copy / paste in that configuration module: :: WTF_CSRF_ENABLED = True # Add endpoints that need to be exempt from CSRF protection WTF_CSRF_EXEMPT_LIST = [] + # A CSRF token that expires in 1 year + WTF_CSRF_TIME_LIMIT = 60 * 60 * 24 * 365 # Set this API key to enable Mapbox visualizations MAPBOX_API_KEY = '' -This file also allows you to define configuration parameters used by -Flask App Builder, the web framework used by Superset. Please consult +All the parameters and default values defined in +https://github.com/apache/incubator-superset/blob/master/superset/config.py +can be altered in your local ``superset_config.py`` . +Administrators will want to +read through the file to understand what can be configured locally +as well as the default values in place. + +Since ``superset_config.py`` acts as a Flask configuration module, it +can be used to alter the settings Flask itself, +as well as Flask extensions like ``flask-wtf``, ``flask-cache``, +``flask-migrate``, and ``flask-appbuilder``. Flask App Builder, the web +framework used by Superset offers many configuration settings. Please consult the `Flask App Builder Documentation <http://flask-appbuilder.readthedocs.org/en/latest/config.html>`_ -for more information on how to configure Superset. +for more information on how to configure it. -Please make sure to change: +Make sure to change: * *SQLALCHEMY_DATABASE_URI*, by default it is stored at *~/.superset/superset.db* * *SECRET_KEY*, to a long random string 
diff --git a/superset/config.py b/superset/config.py index 34788b40c1..6075352e27 100644 --- a/superset/config.py +++ b/superset/config.py @@ -357,6 +357,9 @@ class CeleryConfig(object): # It will be appended at the bottom of sql_lab errors. TROUBLESHOOTING_LINK = '' +# CSRF token timeout, set to None for a token that never expires +WTF_CSRF_TIME_LIMIT = 60 * 60 * 24 * 7 + # This link should lead to a page with instructions on how to gain access to a # Datasource. It will be placed at the bottom of permissions errors. PERMISSION_INSTRUCTIONS_LINK = '' ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
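Review bot: In the docs/installation.rst hunk, the sample configuration sets `WTF_CSRF_TIME_LIMIT = 60 * 60 * 24 * 365` under the comment "A CSRF token that expires in 1 year", while the pull request title says one week and superset/config.py in this same patch sets `60 * 60 * 24 * 7`. The surrounding text presents these parameters as something to copy and paste, so an administrator who follows the docs ends up with a token lifetime about 52 times longer than the shipped default. Suggest using the one-week value in the sample, or saying explicitly that the sample overrides the default and why. Two wording nits in the added prose: "alter the settings Flask itself" is missing "of", and "the web framework used by Superset offers" needs a comma after "Superset".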
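Review bot: In the superset/config.py hunk, the comment above `WTF_CSRF_TIME_LIMIT = 60 * 60 * 24 * 7` states neither the unit nor the resulting duration, so a reader has to work out that the expression is one week in seconds. Suggest something like `# CSRF token timeout in seconds (default: one week), set to None for a token that never expires`. The new setting is also placed between `TROUBLESHOOTING_LINK` and the comment for `PERMISSION_INSTRUCTIONS_LINK`, two link settings unrelated to CSRF; a blank-line-separated block of its own is fine, but a short section comment would make it easier to find.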