Unable to load SuperSet UI when I'm using via a domain about superset HOT 7 CLOSED

Going to the provided url doesn't show Superset at all:

That said, whatever rocket-loader is, it's being blocked by Superset's CSP. You can add that domain to your TALISMAN_CONFIG configuration in config.py

from superset.

@rusackas - Sorry for the incomplete details that I provided earlier, also I have tried to change the TALISMAN_CONFIG in my config.py

superset1.greyb.com is hosted on my internal network and it's not public yet, I have also confirmed and there is no blocking or any kind of issue from our end.

Here is my TALISMAN_CONFIG for both production and development mode.

TALISMAN_CONFIG = {
    'contentSecurityPolicy': False,
    "content_security_policy": {
        "default-src": ["'self'","https://superset1.greyb.com"],
        "img-src": ["'self'", "data:","https://superset1.greyb.com"],
        "worker-src": ["'self'", "blob:","https://superset1.greyb.com"],
        "connect-src": [
            "'self'",
            "https://api.mapbox.com",
            "https://events.mapbox.com",
            "https://superset1.greyb.com",
        ],
        "object-src": "'none'",
        "style-src": ["'self'", "'unsafe-inline'","'https://superset1.greyb.com'","https://superset1.greyb.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js"],
        "script-src": ["'self'", "'unsafe-inline'","'unsafe-eval'","'https://superset1.greyb.com'"],
    },
    "content_security_policy_nonce_in": ["script-src"],
    "force_https":False,
}

I have tried many things and option related to this but none of them is working. and whenever I'm accessing with my IP its working fine as shown below.

from superset.

@rusackas - I have a request, do not close this until I get a solution from your side, and we're very curious to know the possible solution from your side.
As I have mentioned the configuration above, I just wanted to share I have tried many permutation combinations to resolve this issue but I failed.
Thanks!!!

from superset.

It looks like you have some weird double quoting in your config there, e.g. "'https://superset1.greyb.com'" should be "https://superset1.greyb.com". From the error you posted, it also seems that it's trying to do a GET to static.cloudflareinsights.com so you'll want to punch a hole for that too.

This doesn't seem like a bug with Superset, but rather a config issue... if you want to keep it open, I can move it to a GitHub discussion in the Q&A section.

from superset.

@rusackas - Tried with this config as well getting same error.

TALISMAN_CONFIG = {
    'contentSecurityPolicy': False,
    "content_security_policy": {
        "default-src": ["'self'","https://superset1.greyb.com"],
        "img-src": ["'self'", "data:","https://superset1.greyb.com"],
        "worker-src": ["'self'", "blob:","https://superset1.greyb.com"],
        "connect-src": [
            "'self'",
            "https://api.mapbox.com",
            "https://events.mapbox.com",
            "https://superset1.greyb.com",
        ],
        "object-src": "'none'",
        "style-src": ["'self'", "'unsafe-inline'","https://superset1.greyb.com"],
        "script-src": ["'self'", "'unsafe-inline'","'unsafe-eval'","https://superset1.greyb.com"],
    },
    "content_security_policy_nonce_in": ["script-src"],
    "force_https":False,
}

As I have also mentioned tried a few alternative and a combination as well

from superset.

Do you have any suggestions to resolve this issue? because I also tried to do some changes in superset_config.py but didn't work.

from superset.

Well, there might be a few problems:

• You have both contentSecurityPolicy and content_security_policy in there. Get rid of contentSecurityPolicy
• It still doesn't look like you've allowed https://static.cloudflareinsights.com
• Are you running in dev or prod mode? Note that there are two configs... TALISMAN_CONFIG and TALISMAN_DEV_CONFIG, so you should be using the right one.

from superset.