From 94f8b84d01acd59ff08cdaaf05e1c1660dbbab23 Mon Sep 17 00:00:00 2001 From: Erik Ritter Date: Fri, 12 Nov 2021 14:21:01 -0800 Subject: [PATCH] fix: allow POST chart/data request without CSRF token --- superset/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/superset/config.py b/superset/config.py index db34343782222..4b571dad27a2a 100644 --- a/superset/config.py +++ b/superset/config.py @@ -191,7 +191,7 @@ def _try_json_readsha(filepath: str, length: int) -> Optional[str]: WTF_CSRF_ENABLED = True # Add endpoints that need to be exempt from CSRF protection -WTF_CSRF_EXEMPT_LIST = ["superset.views.core.log", "superset.charts.api.data"] +WTF_CSRF_EXEMPT_LIST = ["superset.views.core.log", "superset.charts.data.api.data"] # Whether to run the web server in debug mode or not DEBUG = os.environ.get("FLASK_ENV") == "development"