From aa8040ec9b0033fab8301afea6fccfcf2a245260 Mon Sep 17 00:00:00 2001 From: Erik Ritter Date: Fri, 12 Nov 2021 15:17:21 -0800 Subject: [PATCH] fix: allow POST chart/data request without CSRF token (#17429) --- superset/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/superset/config.py b/superset/config.py index db34343782222..4b571dad27a2a 100644 --- a/superset/config.py +++ b/superset/config.py @@ -191,7 +191,7 @@ def _try_json_readsha(filepath: str, length: int) -> Optional[str]: WTF_CSRF_ENABLED = True # Add endpoints that need to be exempt from CSRF protection -WTF_CSRF_EXEMPT_LIST = ["superset.views.core.log", "superset.charts.api.data"] +WTF_CSRF_EXEMPT_LIST = ["superset.views.core.log", "superset.charts.data.api.data"] # Whether to run the web server in debug mode or not DEBUG = os.environ.get("FLASK_ENV") == "development"