superset-commits mailing list archives

Subject [incubator-superset] branch master updated: Set longer CSRF token duration (one week) (#4741)
Date Wed, 04 Apr 2018 22:55:34 GMT
This is an automated email from the ASF dual-hosted git repository.

maximebeauchemin pushed a commit to branch master
in repository

The following commit(s) were added to refs/heads/master by this push:
     new adda30b  Set longer CSRF token duration (one week) (#4741)
adda30b is described below

commit adda30bf6653084757f4f1a093dce6898c1bb35f
Author: Maxime Beauchemin <>
AuthorDate: Wed Apr 4 15:55:32 2018 -0700

    Set longer CSRF token duration (one week) (#4741)
    Default is one hour (3600), also this entry makes the setting a bit more
 docs/installation.rst | 20 ++++++++++++++++----
 superset/    |  3 +++
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/docs/installation.rst b/docs/installation.rst
index 725dd9c..3036255 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -242,17 +242,29 @@ of the parameters you can copy / paste in that configuration module:
     # Add endpoints that need to be exempt from CSRF protection
+    # A CSRF token that expires in 1 year
+    WTF_CSRF_TIME_LIMIT = 60 * 60 * 24 * 365
     # Set this API key to enable Mapbox visualizations
     MAPBOX_API_KEY = ''
-This file also allows you to define configuration parameters used by
-Flask App Builder, the web framework used by Superset. Please consult
+All the parameters and default values defined in
+can be altered in your local ```` .
+Administrators will want to
+read through the file to understand what can be configured locally
+as well as the default values in place.
+Since ```` acts as a Flask configuration module, it
+can be used to alter the settings Flask itself,
+as well as Flask extensions like ``flask-wtf``, ``flask-cache``,
+``flask-migrate``, and ``flask-appbuilder``. Flask App Builder, the web
+framework used by Superset offers many configuration settings. Please consult
 the `Flask App Builder Documentation
-for more information on how to configure Superset.
+for more information on how to configure it.
-Please make sure to change:
+Make sure to change:
 * *SQLALCHEMY_DATABASE_URI*, by default it is stored at *~/.superset/superset.db*
 * *SECRET_KEY*, to a long random string
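Review bot: the documented example `WTF_CSRF_TIME_LIMIT = 60 * 60 * 24 * 365` (commented "expires in 1 year") disagrees with the commit subject and with the one-week default, `60 * 60 * 24 * 7`, that this same commit adds to the config module. An administrator who copies the documented block gets a CSRF token lifetime roughly 52 times longer than the shipped default; use the one-week value in the example, or state that one year is only an illustration and that the default is one week. Two wording points in the added paragraph: "alter the settings Flask itself" is missing "of", and "the web framework used by Superset offers" needs a comma after "Superset".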
diff --git a/superset/ b/superset/
index 34788b4..6075352 100644
--- a/superset/
+++ b/superset/
@@ -357,6 +357,9 @@ SILENCE_FAB = True
 # It will be appended at the bottom of sql_lab errors.
+# CSRF token timeout, set to None for a token that never expires
+WTF_CSRF_TIME_LIMIT = 60 * 60 * 24 * 7
 # This link should lead to a page with instructions on how to gain access to a
 # Datasource. It will be placed at the bottom of permissions errors.
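Review bot: the new comment above `WTF_CSRF_TIME_LIMIT` gives neither the unit nor the value it replaces. The expression `60 * 60 * 24 * 7` implies seconds, and the commit message gives the previous default as one hour (3600); put both in the comment, for example "in seconds, one week; the flask-wtf default is 3600". The hint "set to None for a token that never expires" is given without any trade-off: since this value bounds how long a captured token stays usable, add a line saying that a shorter limit narrows that window, so administrators can choose deliberately.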

To stop receiving notification emails like this one, please contact
