From aa8040ec9b0033fab8301afea6fccfcf2a245260 Mon Sep 17 00:00:00 2001 From: Erik Ritter Date: Fri, 12 Nov 2021 15:17:21 -0800 Subject: [PATCH] fix: allow POST chart/data request without CSRF token (#17429) --- superset/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/superset/config.py b/superset/config.py index db3434378..4b571dad2 100644 --- a/superset/config.py +++ b/superset/config.py @@ -191,7 +191,7 @@ QUERY_SEARCH_LIMIT = 1000 WTF_CSRF_ENABLED = True # Add endpoints that need to be exempt from CSRF protection -WTF_CSRF_EXEMPT_LIST = ["superset.views.core.log", "superset.charts.api.data"] +WTF_CSRF_EXEMPT_LIST = ["superset.views.core.log", "superset.charts.data.api.data"] # Whether to run the web server in debug mode or not DEBUG = os.environ.get("FLASK_ENV") == "development"