Page MenuHomeElementl
Differential D9210

[dagit] Enable limited frame-src
ClosedPublic
Actions

Authored by dish on Aug 9 2021, 2:34 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, May 9, 11:54 AM
Unknown Object (File)
May 2 2023, 1:52 AM
Unknown Object (File)
May 1 2023, 7:35 PM
Unknown Object (File)
Apr 27 2023, 8:06 PM
Unknown Object (File)
Apr 10 2023, 9:59 AM
Unknown Object (File)
Apr 7 2023, 4:21 AM
Unknown Object (File)
Mar 25 2023, 9:07 PM
Unknown Object (File)
Mar 17 2023, 6:19 AM
View All 78 Files
Subscribers
None

Details

Reviewers
bengotow
max
yuhan
prha
Commits
R1:421626462227: [dagit] Enable limited frame-src
Summary

As reported on Slack.

Re-enable frame-src CSP directive to allow showing ipynb iframes. Allowed on localhost for dev, otherwise 'self'. This has been broken since the CSP was released.

I've added sandbox to the iframe to keep it a bit more locked down, since I don't really know how dangerous the rendered contents actually are. It doesn't seem like they need any JavaScript, but I assume if they do, someone is going to report bugs to us fairly quickly.

Test Plan

Run dagit with dagstermill repo:

$ dagit -p 3333 -m dagstermill.examples.repository

Use "View notebook" in job overviews to view the notebook dialog. Verify that there are no CSP issues, and that the notebook renders as expected, with appropriate styling.

Repeat with a prod build.

Diff Detail

Repository
R1 dagster
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dish created this revision.Aug 9 2021, 2:34 PM
dish added a reviewer: prha.Aug 9 2021, 2:34 PM
dish edited the test plan for this revision. (Show Details)
Harbormaster completed remote builds in B34624: Diff 42825.Aug 9 2021, 2:46 PM
dish requested review of this revision.Aug 9 2021, 2:46 PM
prha accepted this revision.Aug 9 2021, 2:56 PM
This revision is now accepted and ready to land.Aug 9 2021, 2:56 PM
Closed by commit R1:421626462227: [dagit] Enable limited frame-src (authored by dish). · Explain WhyAug 9 2021, 3:39 PM
This revision was automatically updated to reflect the committed changes.
dish added a commit: R1:421626462227: [dagit] Enable limited frame-src.

Revision Contents
Changeset List

PathSize
js_modules/
dagit/
packages/
app/
config/
1 line
core/
src/
plugins/
1 line

Diff 42826

View Options

js_modules/dagit/packages/app/config/webpack.config.js

Loading...
View Options

js_modules/dagit/packages/core/src/plugins/ipynb.tsx

Loading...