From 45fab1bd38ae8c0733cc7bf947723d7d932ae18f Mon Sep 17 00:00:00 2001
From: Daniel Gaspar
Date: Tue, 12 Dec 2023 13:12:42 +0000
Subject: [PATCH] chore: improve CSP add base uri restriction
---
 superset/config.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/superset/config.py b/superset/config.py
index 98f87e6f02119..ca801442d9cff 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -1425,6 +1425,7 @@ def EMAIL_HEADER_MUTATOR( # pylint: disable=invalid-name,unused-argument
 # If you want Talisman, how do you want it configured??
 TALISMAN_CONFIG = {
 "content_security_policy": {
+ "base-uri": ["'self'"],
 "default-src": ["'self'"],
 "img-src": ["'self'", "blob:", "data:"],
 "worker-src": ["'self'", "blob:"],
@@ -1447,6 +1448,7 @@ def EMAIL_HEADER_MUTATOR( # pylint: disable=invalid-name,unused-argument
 # React requires `eval` to work correctly in dev mode
 TALISMAN_DEV_CONFIG = {
 "content_security_policy": {
+ "base-uri": ["'self'"],
 "default-src": ["'self'"],
 "img-src": ["'self'", "blob:", "data:"],
 "worker-src": ["'self'", "blob:"],
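Review bot: `base-uri` is one of the CSP directives that does not fall back to `default-src`, and nothing in the TALISMAN_CONFIG hunk (or the matching TALISMAN_DEV_CONFIG hunk) says so, so the new entry reads as redundant next to `"default-src": ["'self'"]`. A one-line comment above it, `# base-uri has no default-src fallback; limits <base href> to same origin`, would keep it from being pruned later. If the templates never emit a `<base>` element (not visible from here), `["'none'"]` is the tighter value. The dict continues outside the hunk, so it is worth confirming there that `form-action` and `frame-ancestors`, which also lack a fallback, are set. Deployments that replace TALISMAN_CONFIG wholesale in their own config will presumably not pick up this directive, which deserves an upgrade note.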
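Review bot: The TALISMAN_DEV_CONFIG hunk repeats the `"base-uri": ["'self'"]` literal by hand, next to `default-src`, `img-src` and `worker-src` entries that are already identical to the production dict. With two hand-maintained copies, a directive can be tightened in one policy and missed in the other. Deriving the dev policy from the production one, for example `"content_security_policy": {**TALISMAN_CONFIG["content_security_policy"], <dev-only overrides>}`, would keep security directives in step. Both dict bodies continue outside the hunk, so the entries that actually differ between the two are not visible here.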