Page MenuHomeElementl

[dagit] Enable limited frame-src

Authored by dish on Aug 9 2021, 2:34 PM.
Referenced Files
F2560625: D9210.diff
Sat, Sep 24, 9:26 AM
Unknown Object (File)
Sun, Sep 11, 11:44 PM
Unknown Object (File)
Fri, Sep 9, 9:53 PM
Unknown Object (File)
Aug 14 2022, 11:02 PM
Unknown Object (File)
Aug 13 2022, 8:24 AM
Unknown Object (File)
Aug 12 2022, 4:43 PM
Unknown Object (File)
Aug 12 2022, 4:43 PM
Unknown Object (File)
Aug 12 2022, 12:42 PM



As reported on Slack.

Re-enable frame-src CSP directive to allow showing ipynb iframes. Allowed on localhost for dev, otherwise 'self'. This has been broken since the CSP was released.

I've added sandbox to the iframe to keep it a bit more locked down, since I don't really know how dangerous the rendered contents actually are. It doesn't seem like they need any JavaScript, but I assume if they do, someone is going to report bugs to us fairly quickly.

Test Plan

Run dagit with dagstermill repo:

$ dagit -p 3333 -m dagstermill.examples.repository

Use "View notebook" in job overviews to view the notebook dialog. Verify that there are no CSP issues, and that the notebook renders as expected, with appropriate styling.

Repeat with a prod build.

Diff Detail

R1 dagster
Lint Not Applicable
Tests Not Applicable

Event Timeline

dish edited the test plan for this revision. (Show Details)
This revision is now accepted and ready to land.Aug 9 2021, 2:56 PM
This revision was automatically updated to reflect the committed changes.