CORS not working as documented
Superset version
0.28.1
using docker image with flask-cors==3.0.3
Expected results
able to load dashboard in an iframe
Actual results
Firefox displays: ‘Load denied by X-Frame-Options: …’
Chrome displays: Refused to display ‘https://…’ in a frame because it set ‘X-Frame-Options’ to ‘sameorigin’
Steps to reproduce
I’ve added this option to my configuration py file :
ENABLE_CORS = True
I’m 100% sure the right file is in use (I also have OAuth, for instance, set in the config file, and it is working).
I checked that superset[cors] IS installed in the image (I ran pip install superset[cors] inside the container, which told me everything was already set).
I refer to this documentation : https://superset.incubator.apache.org/installation.html#cors
If something should be added in CORS_OPTIONS, please at least give an example, don’t throw readers to parent full documentation.
Thank you for any advice ! I’m pretty sure it’s not a bug but a configuration issue on my side, but I simply can’t find a configuration explanation to allow cross-origin from any url.
Issue Analytics
- State:
- Created 5 years ago
- Comments:6
Top GitHub Comments
See this line in config.py: https://github.com/apache/incubator-superset/blob/0584e3629feaad17dc1391760aeb8a0cf6e8832f/superset/config.py#L316
Setting HTTP_HEADERS = {} is the right way to embed a Superset chart in an iframe. CORS settings are used for 3rd-party websites that call the Superset backend without an iframe.
Ok ! Thanks for the clarification.
Closing this.
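Added example (not from the issue thread or the Superset project): a simplified model of the browser's framing decision, showing why ENABLE_CORS had no effect on the iframe error, and how HTTP_HEADERS = {} differs from a Content-Security-Policy frame-ancestors allowlist. The hostnames are constructed, only a single level of framing is modelled, and it assumes the entries of HTTP_HEADERS are sent on every response.

```python
from urllib.parse import urlsplit

def origin(url):
    """Return scheme://host[:port] of a URL, lowercased."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()

def framing_allowed(headers, page_url, parent_url):
    """Simplified browser check: may parent_url show page_url in an iframe?

    Only X-Frame-Options and CSP frame-ancestors are consulted; CORS
    (Access-Control-*) headers play no part in this decision.
    """
    h = {k.lower(): v for k, v in headers.items()}
    same = origin(page_url) == origin(parent_url)
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            # When present, frame-ancestors overrides X-Frame-Options.
            # 'none' matches nothing, so it falls through to False.
            return any(
                src == "*"
                or (src == "'self'" and same)
                or src.lower() == origin(parent_url)
                for src in parts[1:]
            )
    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo == "deny":
        return False
    if xfo == "sameorigin":
        return same
    return True  # no framing policy at all: any site may embed the page

# Constructed URLs for illustration only.
SUPERSET = "https://superset.example.com/superset/dashboard/1/"
PORTAL = "https://portal.example.com/reports"
OTHER = "https://other.example.net/"

# Header sets modelled on the thread.
DEFAULT = {"X-Frame-Options": "SAMEORIGIN"}  # value reported in Chrome's error
WITH_CORS = {**DEFAULT, "Access-Control-Allow-Origin": "*"}  # CORS header added
EMPTY = {}  # HTTP_HEADERS = {} as suggested in the comment
# Assumed alternative: allow framing only by the site that embeds the dashboard.
SCOPED = {"Content-Security-Policy":
          "frame-ancestors 'self' https://portal.example.com"}

if __name__ == "__main__":
    for name, hdrs in [("DEFAULT", DEFAULT), ("WITH_CORS", WITH_CORS),
                       ("EMPTY", EMPTY), ("SCOPED", SCOPED)]:
        print(name, framing_allowed(hdrs, SUPERSET, PORTAL),
              framing_allowed(hdrs, SUPERSET, OTHER))
```

With an empty HTTP_HEADERS every origin can frame the dashboard, so the frame-ancestors form keeps the embed working for the intended parent site while still refusing others.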