Add the 'REDASH_ENFORCE_CSRF' environment variable (#734)
lucydodo authored Jul 30, 2024
1 parent 6a8039c commit c85e5f8
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion src/pages/kb/open-source/admin-guide/env-vars-settings.md
Expand Up @@ -12,7 +12,7 @@ most installs) can be set in `/opt/redash/.env`. When developing with Docker, cr
The follow is a list of settings and what they control:

| Name | Description | Default Value |
| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------ |
|-------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------|
| `REDASH_REDIS_URL` | URL Redash services will use to read and write to redis | “redis://localhost:6379/0” |
| `REDASH_DISABLE_PUBLIC_URLS` | Whether to disable access to public URLs | "false" |
| `REDASH_BLOCKED_DOMAINS` | Comma separated of email domains that cannot create user accounts | "qq.com" |
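
Review bot: The separator row under the table header is rewritten only to drop the spaces around the dashes (`| ---` becomes `|---`), which is unrelated to adding `REDASH_ENFORCE_CSRF` and accounts for one of the two additions and the single deletion. Consider reverting that line so the commit is a one-row addition, or mention the whitespace change in the commit message. If it stays, note that the header and data rows still use padded cells, so the table source is now styled inconsistently.
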
Expand Down Expand Up @@ -65,6 +65,7 @@ The follow is a list of settings and what they control:
| `REDASH_CORS_ACCESS_CONTROL_ALLOW_CREDENTIALS` | | false |
| `REDASH_CORS_ACCESS_CONTROL_REQUEST_METHOD` | | GET, POST, PUT |
| `REDASH_CORS_ACCESS_CONTROL_ALLOW_HEADERS` | | Content-Type |
| `REDASH_ENFORCE_CSRF` | Enforce CSRF token validation on API requests. **This is turned off by default to avoid breaking any existing deployments, but it is highly recommended to turn this toggle on to prevent CSRF attacks.** | false |
| `REDASH_ENABLED_QUERY_RUNNERS` | Comma-separated list of query runners to be enabled (e.g. `redash.query_runner.pg,redash.query_runner.mysql`) | ”,”.join(default_query_runners) |
| `REDASH_ADDITIONAL_QUERY_RUNNERS` | Comma-separated list of non-default query runners to be enabled | |
| `REDASH_DISABLED_QUERY_RUNNERS` | Comma-separated list of query runners that will not appear in Redash | |
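
Review bot: The new `REDASH_ENFORCE_CSRF` row says the check is off by default "to avoid breaking any existing deployments" but does not say what breaks once it is turned on, nor which value turns it on. Suggest stating the enabling value explicitly (the default column shows `false`, so presumably `true`; please confirm) and naming which API clients or requests must start sending a CSRF token, so an admin can test before enabling a setting the row itself recommends. Minor: the default is written as bare `false` like the CORS rows above it, while `REDASH_DISABLE_PUBLIC_URLS` earlier in the table uses "false" in quotes; pick one style.
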