Use proxy to load custom maps (to bypass CSP)

getredash · Feb 11, 2020 · 813d97a · 813d97a
1 parent b331c4c
commit 813d97a
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 2 deletions.
diff --git a/client/app/visualizations/choropleth/hooks/useLoadGeoJson.js b/client/app/visualizations/choropleth/hooks/useLoadGeoJson.js
@@ -5,6 +5,10 @@ import createReferenceCountingCache from "@/lib/referenceCountingCache";
 
 const cache = createReferenceCountingCache();
 
+function withProxy(url) {
+  return `/resource-proxy?url=${encodeURIComponent(url)}`;
+}
+
 export default function useLoadGeoJson(url) {
   const [geoJson, setGeoJson] = useState(null);
   const [isLoading, setIsLoading] = useState(false);
@@ -14,7 +18,7 @@ export default function useLoadGeoJson(url) {
       setIsLoading(true);
       let cancelled = false;
 
-      const promise = cache.get(url, () => axios.get(url).catch(() => null));
+      const promise = cache.get(url, () => axios.get(withProxy(url)).catch(() => null));
       promise.then(data => {
         if (!cancelled) {
           setGeoJson(isObject(data) ? data : null);

diff --git a/redash/handlers/__init__.py b/redash/handlers/__init__.py
@@ -1,5 +1,6 @@
-from flask import jsonify
+from flask import jsonify, request, Response
 from flask_login import login_required
+import requests
 
 from redash.handlers.api import api
 from redash.handlers.base import routes
@@ -22,6 +23,14 @@ def status_api():
     return jsonify(status)
 
 
+@routes.route("/resource-proxy", methods=["GET"])
+def resource_proxy():
+    response = requests.get(request.args.get('url'))
+    allow_headers = ['content-type']
+    headers = [(name, value) for (name, value) in response.raw.headers.items() if name.lower() in allow_headers]
+    return Response(response.content, response.status_code, headers)
+
+
 def init_app(app):
     from redash.handlers import (
         embed,