Page MenuHomeElementl

[dagit] Enable limited frame-src
ClosedPublic

Authored by dish on Aug 9 2021, 2:34 PM.

Details

Summary

As reported on Slack.

Re-enable frame-src CSP directive to allow showing ipynb iframes. Allowed on localhost for dev, otherwise 'self'. This has been broken since the CSP was released.

I've added sandbox to the iframe to keep it a bit more locked down, since I don't really know how dangerous the rendered contents actually are. It doesn't seem like they need any JavaScript, but I assume if they do, someone is going to report bugs to us fairly quickly.

Test Plan

Run dagit with dagstermill repo:

$ dagit -p 3333 -m dagstermill.examples.repository

Use "View notebook" in job overviews to view the notebook dialog. Verify that there are no CSP issues, and that the notebook renders as expected, with appropriate styling.

Repeat with a prod build.

Diff Detail

Repository
R1 dagster
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dish edited the test plan for this revision. (Show Details)
dish requested review of this revision.Aug 9 2021, 2:46 PM
This revision is now accepted and ready to land.Aug 9 2021, 2:56 PM
This revision was automatically updated to reflect the committed changes.