Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Error `The CSRF session token is missing` when embed superset in iframe

See original GitHub issue

Error The CSRF session token is missing when embed superset in iframe

Expected results

Embed charts or dashboard in my web page via iframe

Code

<iframe
  width="1600"
  height="800"
  seamless
  frameBorder="0"
  scrolling="no"
  src="http://192.168.11.118:8088/superset/explore/?form_data=%7B%22datasource%22%3A%2212__table%22%2C%22viz_type%22%3A%22deck_path%22%2C%22slice_id%22%3A81%2C%22url_params%22%3A%7B%7D%2C%22granularity_sqla%22%3Anull%2C%22time_grain_sqla%22%3Anull%2C%22time_range%22%3A%22+%3A+%22%2C%22line_column%22%3A%22path_json%22%2C%22line_type%22%3A%22json%22%2C%22row_limit%22%3A5000%2C%22filter_nulls%22%3Atrue%2C%22adhoc_filters%22%3A%5B%5D%2C%22mapbox_style%22%3A%22mapbox%3A%2F%2Fstyles%2Fmapbox%2Flight-v9%22%2C%22viewport%22%3A%7B%22altitude%22%3A1.5%2C%22bearing%22%3A0%2C%22height%22%3A1094%2C%22latitude%22%3A37.73671752604488%2C%22longitude%22%3A-122.18885402582598%2C%22maxLatitude%22%3A85.05113%2C%22maxPitch%22%3A60%2C%22maxZoom%22%3A20%2C%22minLatitude%22%3A-85.05113%2C%22minPitch%22%3A0%2C%22minZoom%22%3A0%2C%22pitch%22%3A0%2C%22width%22%3A669%2C%22zoom%22%3A9.51847667620428%7D%2C%22color_picker%22%3A%7B%22a%22%3A1%2C%22b%22%3A135%2C%22g%22%3A122%2C%22r%22%3A0%7D%2C%22line_width%22%3A150%2C%22reverse_long_lat%22%3Afalse%2C%22autozoom%22%3Atrue%2C%22js_columns%22%3A%5B%22color%22%5D%2C%22js_data_mutator%22%3A%22data+%3D%3E+data.map%28d+%3D%3E+%28%7B%5Cn++++...d%2C%5Cn++++color%3A+colors.hexToRGB%28d.extraProps.color%29%5Cn%7D%29%29%3B%22%2C%22js_tooltip%22%3A%22%22%2C%22js_onclick_href%22%3A%22%22%7D&standalone=true&height=400"
>
</iframe>

Actual results

Access in chrome address bar

Successful access

When access my web page via iframe

Role admin When I login, Receive Error “
Bad Request

The CSRF session token is missing.
”
Role public Receive Error <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <title>400 Bad Request</title> <h1>Bad Request</h1> <p>The CSRF session token is missing.</p>

Screenshots

How to reproduce the bug

Launch Apache Superset in virtualenv superset run -h 0.0.0.0 -p 8088
Connect the link via iframe into another separate webpage
See error

Environment

(please complete the following information):

superset version: 0.999.0dev / master 2019-10-13
python version: 3.7.3
node.js version: v10.15.2
npm version: 5.8.0

Checklist

Make sure these boxes are checked before submitting your issue - thank you!

I have checked the superset logs for python stacktraces and included it here as text if there are any.
I have reproduced the issue with at least the latest released version of superset.
I have checked the issue tracker for the same issue and I haven’t found one similar.

Additional context

config.py setting PUBLIC_ROLE_LIKE_GAMMA = True

Issue Analytics

State:
Created 4 years ago
Comments:11 (3 by maintainers)

Top GitHub Comments

11reactions

issue-label-bot[bot]commented, Oct 14, 2019

Issue-Label Bot is automatically applying the label #bug to this issue, with a confidence of 0.79. Please mark this comment with 👍 or 👎 to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

10reactions

YBLScommented, Oct 18, 2019

I have solved this problem. SESSION_COOKIE_SAMESITE = None # One of [None, 'Lax', 'Strict']