mistercrunch commented on PR #30134: URL: https://github.com/apache/superset/pull/30134#issuecomment-2737381286
Ok spoke with a few Preset folks and we'd like to help pushing this through, happy to help here. In order to merge this PR: - resolve merge conflicts - get through CI checks - add note in `config.py` about this config flag being in BETA - rule out the security issue raised by CodeQL, we generally need to be cautious when composing any user-provided things in URL watching for XSS. There's an opportunity for the wrapping function to sanitize urls centrally here... - remove package-lock.json from this PR (shouldn't be affected) - figure out how to jam this in the existing test matrixes - without doubling the number of unit tests. That means running existing matrix elements with/without APP_ROOT config. Say we we have mysql/postgres matrix, you make one instance be mysql-with-approot, postgress-without-approot -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
