Error `The CSRF session token is missing` when embed superset in iframe
Expected results
Embed charts or dashboard in my web page via iframe
Code
<iframe
width="1600"
height="800"
seamless
frameBorder="0"
scrolling="no"
src="http://192.168.11.118:8088/superset/explore/?form_data=%7B%22datasource%22%3A%2212__table%22%2C%22viz_type%22%3A%22deck_path%22%2C%22slice_id%22%3A81%2C%22url_params%22%3A%7B%7D%2C%22granularity_sqla%22%3Anull%2C%22time_grain_sqla%22%3Anull%2C%22time_range%22%3A%22+%3A+%22%2C%22line_column%22%3A%22path_json%22%2C%22line_type%22%3A%22json%22%2C%22row_limit%22%3A5000%2C%22filter_nulls%22%3Atrue%2C%22adhoc_filters%22%3A%5B%5D%2C%22mapbox_style%22%3A%22mapbox%3A%2F%2Fstyles%2Fmapbox%2Flight-v9%22%2C%22viewport%22%3A%7B%22altitude%22%3A1.5%2C%22bearing%22%3A0%2C%22height%22%3A1094%2C%22latitude%22%3A37.73671752604488%2C%22longitude%22%3A-122.18885402582598%2C%22maxLatitude%22%3A85.05113%2C%22maxPitch%22%3A60%2C%22maxZoom%22%3A20%2C%22minLatitude%22%3A-85.05113%2C%22minPitch%22%3A0%2C%22minZoom%22%3A0%2C%22pitch%22%3A0%2C%22width%22%3A669%2C%22zoom%22%3A9.51847667620428%7D%2C%22color_picker%22%3A%7B%22a%22%3A1%2C%22b%22%3A135%2C%22g%22%3A122%2C%22r%22%3A0%7D%2C%22line_width%22%3A150%2C%22reverse_long_lat%22%3Afalse%2C%22autozoom%22%3Atrue%2C%22js_columns%22%3A%5B%22color%22%5D%2C%22js_data_mutator%22%3A%22data+%3D%3E+data.map%28d+%3D%3E+%28%7B%5Cn++++...d%2C%5Cn++++color%3A+colors.hexToRGB%28d.extraProps.color%29%5Cn%7D%29%29%3B%22%2C%22js_tooltip%22%3A%22%22%2C%22js_onclick_href%22%3A%22%22%7D&standalone=true&height=400"
>
</iframe>
Actual results
Access in Chrome address bar
Successful access
When accessing my web page via iframe
- Role admin
When I log in, I receive the error “Bad Request The CSRF session token is missing.”
- Role public
I receive the error
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <title>400 Bad Request</title> <h1>Bad Request</h1> <p>The CSRF session token is missing.</p>
How to reproduce the bug
- Launch Apache Superset in virtualenv
superset run -h 0.0.0.0 -p 8088
- Connect the link via iframe into another separate webpage
- See error
Environment
(please complete the following information):
- superset version: 0.999.0dev / master 2019-10-13
- python version: 3.7.3
- node.js version: v10.15.2
- npm version: 5.8.0
Checklist
Make sure these boxes are checked before submitting your issue - thank you!
- I have checked the superset logs for python stacktraces and included it here as text if there are any.
- I have reproduced the issue with at least the latest released version of superset.
- I have checked the issue tracker for the same issue and I haven’t found one similar.
Additional context
config.py setting
PUBLIC_ROLE_LIKE_GAMMA = True
Issue Analytics
- State:
- Created 4 years ago
- Comments:11 (3 by maintainers)
Top GitHub Comments
Issue-Label Bot is automatically applying the label #bug to this issue, with a confidence of 0.79. Please mark this comment with 👍 or 👎 to give our bot feedback!
I have solved this problem.
SESSION_COOKIE_SAMESITE = None # One of [None, 'Lax', 'Strict']
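
Why the setting above has an effect, as an added example that is not code from the issue or from Superset: a simplified model of the browser's SameSite decision for the session cookie on a POST made inside a cross-site iframe, followed by a session-side CSRF check that returns the issue's error when the session never arrives. The embedding origin, the token value and all function names are constructed; "site" is approximated as scheme plus host, and `lax_by_default` switches between browsers that treat a missing attribute as unrestricted and browsers that treat it as Lax.

```python
from urllib.parse import urlsplit

SUPERSET = "http://192.168.11.118:8088"      # host from the issue
EMBEDDER = "http://portal.example:3000"      # constructed embedding page


def site_of(url):
    # Assumption: site = scheme + host (browsers use the registrable domain).
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname)


def cookie_is_sent(samesite, secure, page_url, request_url,
                   top_level_get=False, lax_by_default=True):
    """Would the browser attach the session cookie to this request?"""
    if secure and urlsplit(request_url).scheme != "https":
        return False                     # Secure cookies never travel over http
    if site_of(page_url) == site_of(request_url):
        return True                      # same-site request: always attached
    if samesite is None:                 # Flask emits no SameSite attribute
        if not lax_by_default:
            return True                  # older browsers: no restriction
        samesite = "Lax"                 # current browsers: treated as Lax
    if samesite == "None":
        return secure or not lax_by_default  # current browsers require Secure
    if samesite == "Lax":
        return top_level_get             # only top-level GET navigations
    return False                         # Strict: never cross-site


def csrf_check(session, form_token):
    """Simplified session-side check that yields the message in the issue."""
    if "csrf_token" not in session:
        return "The CSRF session token is missing."
    if session["csrf_token"] != form_token:
        return "The CSRF tokens do not match."
    return "ok"


def post_from_iframe(samesite, secure, page_url, superset_url, **browser):
    """POST from a Superset frame embedded in page_url."""
    token = "constructed-token"          # constructed sample value
    # Flask keeps the session in the cookie: no cookie, empty session.
    sent = cookie_is_sent(samesite, secure, page_url,
                          superset_url + "/login/", **browser)
    return csrf_check({"csrf_token": token} if sent else {}, token)
```

Where an explicit `SameSite=None` attribute is needed, Flask takes it as the string `"None"` together with `SESSION_COOKIE_SECURE = True`, which means serving Superset over HTTPS.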