When `MB_CUSTOM_GEOJSON_ENABLED` is set to `false`, Metabase will no longer follow GeoJSON map URLs that redirect to private, link-local, or other disallowed network locations. This means that if you have a GeoJSON map URL that redirects to a private, link-local, or other disallowed network location, you will no longer be able to visualize data with Metabase. Data visualization with Metabase on such custom GeoJSON map URLs has been disabled. Custom GeoJSON map URLs that redirect to private, link-local, or other disallowed network locations will no longer be followed by Metabase.
What do you need to update before updating Metabase?
1. Update `MB_CUSTOM_GEOJSON_ENABLED` to `true`.
2. If you have a custom GeoJSON map URL that redirects to a private, link-local, or other disallowed network location, update your map URL as follows:
https://localhost/gist/0hc7j9kst6wdpzd6l19v167h?embed=true&w=400
3. Launch Metabase again and refresh the application in the browser. Your custom GeoJSON map will now be supported in data visualization.
Fixed in 0.6.0-alpha
Changing this setting ensures that Metabase will not follow GeoJSON map URLs that redirect to private, link-local, or other disallowed network locations.
References
SOC1-2205: https://developer.mozilla.org/en-US/docs/GeoJSON
MB_CUSTOM_GEOJSON_ENABLED: Boolean value that allows the user to disable their custom GeoJSON map URLs.
Fix code
// Set this to true so that Metabase will follow GeoJSON map URLs
MB_CUSTOM_GEOJSON_ENABLED = true;
How Can I Monitor My Custom GeoJSON Map URLs?
If you are using a custom GeoJSON map URL, to monitor the GeoJSON map URLs that redirect to private, link-local, or other disallowed network locations, you can use the APIs flushing API to flush any custom GeoJSON map URLs that redirect to private, link-local, or other disallowed network locations.
If you have any questions or concerns about this change in Metabase, please contact our support team.
Timeline
Published on: 10/26/2022 19:15:00 UTC
Last modified on: 10/28/2022 16:10:00 UTC