Gwildor opened a new issue, #36268: URL: https://github.com/apache/superset/issues/36268
### Bug description

When using Talisman for CORS settings, you can restrict images and other files being loaded from specific domains, such as a CDN. These images can be included in dashboards using Markdown. However, when trying to export the dashboard to PDF, it fails, with a CSP error in the network tab of the browser.

I've tried with both Firefox and Chrome, on 5.0.0. I tried to test this with 6.0.0rc3, but I couldn't get my local installation to run (`docker compose` works, but then requests just hang infinitely).

## Steps to reproduce

1. Enable Talisman in your settings: set `TALISMAN_ENABLED = True`, and add `https:` in the list `TALISMAN_DEV_CONFIG["content_security_policy"]["img-src"]` to allow images from all domains (using HTTPS).
3. Create a new dashboard or edit an existing one
4. Add a Markdown block (or change an existing one)
5. Add an image. I've used: ``
6. Make sure the Markdown block was saved as well on blur (this is a bit buggy I've noticed, it can revert to the old Markdown code if you don't properly click outside of the form element)
7. Save the dashboard
8. Confirm the dashboard shows the image, even after reloading the dashboard
9. On the 3 dots at the top right, select Download -> Export to PDF
10. Nothing happens, and the web browser shows a CSP error when trying to retrieve the image

Screenshots in email reports work fine, they show the embedded image.

I tried a lot of different options in my installation, and couldn't get it to work. I used ChatGPT a bit to talk through the problem, and its conclusion was that the endpoint that generates the PDF doesn't use the same Talisman configuration, but I don't know how to verify if that's indeed the problem.
### Screenshots/recordings

<img width="1920" height="970" alt="Image" src="https://github.com/user-attachments/assets/3b76c79b-fd9a-4103-bee8-5880e9892292" />

### Superset version

5.0.0

### Python version

3.10

### Node version

18 or greater

### Browser

Firefox

### Additional context

_No response_

### Checklist

- [x] I have searched Superset docs and Slack and didn't find a solution to my problem.
- [x] I have searched the GitHub issue tracker and didn't find a similar bug report.
- [x] I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.
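An added example, not part of the issue and not Superset or Talisman code: an offline checker that reports which CSP directive governs a request and whether a URL passes it. It shows that a policy whose `img-src` allows `https:` still blocks the same URL when it is requested through fetch/XHR, which `connect-src` governs; the header, origin and image URL are constructed, and source matching is simplified.

```python
from urllib.parse import urlsplit

# Directive consulted per request kind; each falls back to default-src.
DIRECTIVE_FOR = {"image": "img-src", "fetch": "connect-src"}

def parse_csp(header):
    """Parse a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])  # first wins
    return policy

def source_matches(source, url, self_origin):
    """Simplified source matching: ports and paths in sources are ignored."""
    target, src = urlsplit(url), source.lower()
    if src == "'self'":
        own = urlsplit(self_origin)
        return (target.scheme, target.netloc) == (own.scheme, own.netloc)
    if src == "*":
        return target.scheme in ("http", "https")
    if src.endswith(":"):  # scheme source such as https: or data:
        return target.scheme == src[:-1]
    scheme, sep, rest = src.rpartition("://")
    if sep and scheme != target.scheme:
        return False
    host = rest.split("/")[0].split(":")[0]
    name = target.hostname or ""
    if host.startswith("*."):
        return name.endswith(host[1:])
    return name == host  # keywords like 'none' never equal a hostname

def check(header, kind, url, self_origin):
    """Return (allowed, governing_directive) for one request."""
    policy = parse_csp(header)
    directive = DIRECTIVE_FOR[kind]
    governing = directive if directive in policy else "default-src"
    if governing not in policy:
        return True, None  # nothing restricts this request kind
    ok = any(source_matches(s, url, self_origin) for s in policy[governing])
    return ok, governing

# Constructed sample values, not taken from the issue.
ORIGIN = "https://superset.example.com"
IMAGE = "https://cdn.example.com/logo.png"
HEADER = "default-src 'self'; img-src 'self' blob: data: https:; connect-src 'self'"

if __name__ == "__main__":
    for kind in DIRECTIVE_FOR:
        print(kind, check(HEADER, kind, IMAGE, ORIGIN))
```

To use it on a real deployment, replace `HEADER` with the `Content-Security-Policy` value shown for the blocked request in the browser's network tab and compare the result against the directive named in the console error.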
