
[dagit] Enable limited frame-src
Closed, Public

Authored by dish on Aug 9 2021, 2:34 PM.

Details

Summary

As reported on Slack.

Re-enable frame-src CSP directive to allow showing ipynb iframes. Allowed on localhost for dev, otherwise 'self'. This has been broken since the CSP was released.

I've added sandbox to the iframe to keep it a bit more locked down, since I don't really know how dangerous the rendered contents actually are. It doesn't seem like they need any JavaScript, but I assume if they do, someone is going to report bugs to us fairly quickly.

Test Plan

Run dagit with dagstermill repo:

$ dagit -p 3333 -m dagstermill.examples.repository

Use "View notebook" in job overviews to view the notebook dialog. Verify that there are no CSP issues, and that the notebook renders as expected, with appropriate styling.

Repeat with a prod build.
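
The directive fallback behind the summary above, as an added example that is not part of this revision or of dagit's code: a simplified evaluator showing how an iframe URL is judged against frame-src, child-src and default-src. The policy strings, origins and the /hypothetical/notebook path are constructed assumptions.

```javascript
// Simplified CSP frame-src check: paths, nonces and scheme upgrades are ignored.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored; the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// frame-src falls back to child-src, then default-src; null means unrestricted.
function effectiveFrameSources(policy) {
  const d = parseCsp(policy);
  return d.get('frame-src') ?? d.get('child-src') ?? d.get('default-src') ?? null;
}

function sourceMatches(source, url, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return url.origin === pageOrigin;
  if (s === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // scheme-source
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^:\/]+)(?::(\d+|\*))?/.exec(s);
  if (!m) return false;
  const [, scheme, host, port] = m;
  // A host-source without a scheme is matched against the page's own scheme here.
  const wantScheme = scheme ? scheme + ':' : new URL(pageOrigin).protocol;
  if (url.protocol !== wantScheme || url.hostname !== host) return false;
  // No port in the source means the scheme's default port (URL.port is '' then).
  return port === '*' || (port ?? '') === url.port;
}

function frameAllowed(policy, frameUrl, pageOrigin) {
  const sources = effectiveFrameSources(policy);
  if (sources === null) return true; // no directive governs frames
  const url = new URL(frameUrl, pageOrigin); // resolves relative iframe src values
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}

// Constructed policies and URLs (assumptions, not dagit's actual header values).
const BEFORE = "default-src 'none'; script-src 'self'";
const DEV = "default-src 'none'; frame-src 'self' http://localhost:*";
const PROD = "default-src 'none'; frame-src 'self'";
console.log(frameAllowed(BEFORE, '/hypothetical/notebook', 'http://localhost:3333')); // false
console.log(frameAllowed(DEV, 'http://localhost:3000/hypothetical/notebook', 'http://localhost:3333')); // true
console.log(frameAllowed(PROD, 'http://localhost:3000/x', 'https://dagit.example')); // false
```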

Diff Detail

Repository
R1 dagster

Event Timeline

dish edited the test plan for this revision.
This revision is now accepted and ready to land. Aug 9 2021, 2:56 PM
This revision was automatically updated to reflect the committed changes.