Missing CSRF token when embedding dashboard using iframe in development mode
Expected results
I am trying out Superset for the first time. I am currently running it in development mode from my local machine and want to embed the dashboards I created in an HTML page using iframes:
<iframe src="http://172.20.33.111:8088/superset/dashboard/7/?standalone=true" height="600" width="1200"></iframe>
The embed asks for login credentials and then throws a "CSRF token is missing" error.
Screenshots
Same as [#8382]
How to reproduce the bug
- Launch Apache Superset using superset run -h 0.0.0.0 -p 8088
- Connect the link via iframe into another separate webpage
- See error
Environment
- superset package version: 0.35.1
- python version: 3.6.7
- node.js version: v8.10.0
- npm version: 3.5.2
Checklist
Make sure these boxes are checked before submitting your issue - thank you!
- I have checked the superset logs for python stacktraces and included it here as text if there are any.
- I have reproduced the issue with at least the latest released version of superset.
- I have checked the issue tracker for the same issue and I haven’t found one similar.
Additional context
As per [#8382], I have updated the SESSION_COOKIE_SAMESITE value to None, but it didn’t work for me.
Issue Analytics
- State:
- Created 4 years ago
- Comments: 6 (2 by maintainers)
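A diagnostic for this kind of setup, added here as an example and not part of the original issue or of Superset's code: it checks a session cookie's Set-Cookie header against the browser rules that decide whether the cookie is stored and sent when the app is loaded in an iframe. The sample headers, the parent page URL and the function names are constructed assumptions.

```python
from urllib.parse import urlsplit


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, {lowercased attribute: value})."""
    name_value, *parts = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in parts:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name_value.partition("=")[0], attrs


def is_cross_site(app_url, parent_url):
    """Approximate schemeful same-site: compare scheme and host, ignore port.
    Assumption: no public-suffix lookup, so sibling subdomains count as cross-site."""
    app, parent = urlsplit(app_url), urlsplit(parent_url)
    return (app.scheme, app.hostname) != (parent.scheme, parent.hostname)


def iframe_cookie_problems(set_cookie, app_url, parent_url):
    """Reasons a browser would not store or send this cookie when app_url
    is framed by parent_url (ignores the http://localhost exception)."""
    _, attrs = parse_set_cookie(set_cookie)
    samesite = attrs.get("samesite", "").lower()
    secure = "secure" in attrs
    problems = []
    if secure and urlsplit(app_url).scheme != "https":
        problems.append("Secure cookie is not set or sent over plain http")
    if is_cross_site(app_url, parent_url):
        if samesite in ("lax", "strict"):
            problems.append(f"SameSite={samesite} is withheld in cross-site iframes")
        elif samesite == "":
            problems.append("no SameSite: browsers defaulting to Lax withhold it")
        elif samesite == "none" and not secure:
            problems.append("SameSite=None without Secure is rejected")
    return problems

# Constructed sample values, not captured from a real Superset instance.
APP = "http://172.20.33.111:8088/superset/dashboard/7/?standalone=true"
PARENT = "http://intranet.example/report.html"  # hypothetical embedding page
HEADERS = (
    "session=abc; HttpOnly; Path=/",
    "session=abc; HttpOnly; Path=/; SameSite=None",
    "session=abc; HttpOnly; Path=/; SameSite=None; Secure",
)
if __name__ == "__main__":
    for hdr in HEADERS:
        print(hdr, "->", iframe_cookie_problems(hdr, APP, PARENT) or "ok")
```

An empty result means none of these rules blocks the cookie; a parent page on the same scheme and host but a different port counts as same-site, so the SameSite checks do not apply to it.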
Top GitHub Comments
Issue-Label Bot is automatically applying the label #bug to this issue, with a confidence of 0.74. Please mark this comment with 👍 or 👎 to give our bot feedback! Links: app homepage, dashboard and code for this bot.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. For admin, please label this issue .pinned to prevent stale bot from closing the issue.