Bug description

I am not able to fetch the guest_token. I am facing the same issue as described here in this issue

23060

I am also getting the access_token, but I am not able to get guest_token afterwards (405 method not allowed) I have nginx proxy server in front of my superset which is passing the request from port 443 to 8088. I am still getting this issue.

How to reproduce the bug

Screenshots/recordings

No response

Superset version

master

Python version

3.9

Node version

Browser

Chrome

Additional context

No response

Checklist

[X] I have searched Superset docs and Slack and didn't find a solution to my problem.
[X] I have searched the GitHub issue tracker and didn't find a similar bug report.
[X] I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.

Hey @stockarea! 👋 I'm here to help you with any bugs, questions, or contributions you have for the repository. Let me know how I can assist you!

To resolve the "Method 405 not allowed" error when trying to fetch the guest_token in Superset version 4.0.1, ensure that you are making a POST request to the /guest_token/ endpoint. The endpoint is explicitly defined to accept only POST requests:

@expose("/guest_token/", methods=("POST",))

Here is an example of how to make a correct POST request to this endpoint:

curl -X POST https://your-superset-domain.com/guest_token/ \
     -H "Content-Type: application/json" \
     -d '{
           "user": {
             "username": "guest_user",
             "first_name": "Guest",
             "last_name": "User"
           },
           "resources": [
             {
               "type": "dashboard",
               "id": "1"
             }
           ],
           "rls": []
         }'

Ensure that your nginx proxy server is correctly forwarding POST requests from port 443 to port 8088. Here is a sample nginx configuration snippet:

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent [$connection_requests] "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    keepalive_timeout  30;
    keepalive_requests 2;

    gzip on;
    gzip_comp_level    5;
    gzip_min_length    256;
    gzip_proxied       any;
    gzip_vary          on;
    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/rss+xml
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/svg+xml
        image/x-icon
        text/css
        text/plain
        text/x-component;

    output_buffers 20 10m;
    client_max_body_size 10m;

    upstream superset_app {
        server host.docker.internal:8088;
        keepalive 100;
    }

    upstream superset_websocket {
        server host.docker.internal:8080;
        keepalive 100;
    }

    server {
        listen 443 ssl;
        server_name your-superset-domain.com;

        location /ws {
            proxy_pass http://superset_websocket;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
        }

        location / {
            proxy_pass http://superset_app;
            proxy_set_header    Host                $host;
            proxy_set_header    X-Real-IP           $remote_addr;
            proxy_set_header    X-Forwarded-For     $remote_addr;
            proxy_set_header    X-Forwarded-Host    $host;
            proxy_set_header    X-Forwarded-Proto   $scheme;
            proxy_http_version 1.1;
            port_in_redirect off;
            proxy_connect_timeout 300;
        }
    }
}

Make sure that the proxy_pass directive is correctly set to forward requests to the Superset backend running on port 8088 ^[1]^[2].

To continue talking to Dosu, mention @dosu.

Hello, I am passing POST request only. Here is the screenshot for it.

Also, nginx is working correctly I suppose that's why I am able to fetch the access_token it seems? Otherwise that API will also fail correct?

If you're already making a POST request and your nginx configuration is correctly forwarding requests, the issue might be related to how the endpoint is defined or how the request is being handled by Superset.

Ensure Endpoint Definition: Verify that the /guest_token/ endpoint is defined to accept POST requests in your Superset configuration. The endpoint should be defined like this:
```
@expose("/guest_token/", methods=("POST",))
def guest_token(self) -> FlaskResponse:
    # Endpoint logic here
```

Nginx Configuration: Double-check your nginx configuration to ensure it allows POST requests to the /guest_token/ endpoint. Here is a sample configuration snippet:

server {
    listen 443 ssl;
    server_name your-superset-domain.com;

    location / {
        proxy_pass http://superset_app;
        proxy_set_header    Host                $host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $remote_addr;
        proxy_set_header    X-Forwarded-Host    $host;
        proxy_set_header    X-Forwarded-Proto   $scheme;
        proxy_http_version 1.1;
        port_in_redirect off;
        proxy_connect_timeout 300;
    }

    location /guest_token/ {
        proxy_pass http://superset_app/guest_token/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_method POST;  # Ensure POST method is allowed
    }
}

Superset Client Configuration: Ensure that your Superset client is correctly configured to handle the guest_token. The SupersetClientClass should include the guestToken and guestTokenHeaderName properties, and the post method should be used to make the POST request. Here is a snippet from the SupersetClientClass:

export default class SupersetClientClass {
  guestToken?: string;
  guestTokenHeaderName: string;

  constructor({
    guestToken = undefined,
    guestTokenHeaderName = 'X-GuestToken',
  }: ClientConfig = {}) {
    this.guestToken = guestToken;
    this.guestTokenHeaderName = guestTokenHeaderName;
    if (guestToken) {
      this.headers[guestTokenHeaderName] = guestToken;
    }
  }

  async post<T extends ParseMethod = 'json'>(
    requestConfig: RequestConfig & { parseMethod?: T },
  ) {
    return this.request({ ...requestConfig, method: 'POST' });
  }
}

Reload Nginx: After making changes to your nginx configuration, reload or restart the nginx service to apply the changes:
```
sudo nginx -s reload
```

By ensuring that the endpoint is correctly defined, the nginx configuration allows POST requests, and the Superset client is properly configured, you should be able to resolve the "Method 405 not allowed" error when fetching the guest_token ^[1]^[2]^[3].

To continue talking to Dosu, mention @dosu.

I got the same error, this is the stack trace, the application got "POST /api/v1/security/guest_token HTTP/1.1" 308 293 " correctly at first but somehow ended up with the error.

10.0.2.40 - - [01/Jun/2024:12:31:57 +0000] "POST /api/v1/security/guest_token HTTP/1.1" 308 293 "-" "PostmanRuntime/7.39.0"
HTTPException
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1823, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1788, in dispatch_request
    self.raise_routing_exception(req)
  File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1770, in raise_routing_exception
    raise request.routing_exception  # type: ignore
  File "/usr/local/lib/python3.9/site-packages/flask/ctx.py", line 351, in match_request
    result = self.url_adapter.match(return_rule=True)  # type: ignore
  File "/usr/local/lib/python3.9/site-packages/werkzeug/routing/map.py", line 647, in match
    raise MethodNotAllowed(valid_methods=list(e.have_match_for)) from None
werkzeug.exceptions.MethodNotAllowed: 405 Method Not Allowed: The method is not allowed for the requested URL.
2024-06-01 12:31:58,099:WARNING:superset.views.base:HTTPException
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1823, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1788, in dispatch_request
    self.raise_routing_exception(req)
  File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1770, in raise_routing_exception
    raise request.routing_exception  # type: ignore
  File "/usr/local/lib/python3.9/site-packages/flask/ctx.py", line 351, in match_request
    result = self.url_adapter.match(return_rule=True)  # type: ignore
  File "/usr/local/lib/python3.9/site-packages/werkzeug/routing/map.py", line 647, in match
    raise MethodNotAllowed(valid_methods=list(e.have_match_for)) from None
werkzeug.exceptions.MethodNotAllowed: 405 Method Not Allowed: The method is not allowed for the requested URL.
10.0.2.40 - - [01/Jun/2024:12:31:58 +0000] "GET /api/v1/security/guest_token/ HTTP/1.1" 405 271 "http://mydashboard.com/api/v1/security/guest_token/" "PostmanRuntime/7.39.0"

And I already had nginx proxy my request to superset-server:8088 Also this is how my superset_config_docker.py look like

PUBLIC_ROLE_LIKE = "Gamma"

TALISMAN_ENABLED = False

ENABLE_CORS = True

HTTP_HEADERS = {
    "X-Frame-Options": "ALLOWALL"
}

FEATURE_FLAGS = {
    "EMBEDDED_SUPERSET": True,
    "GUEST_TOKEN": True
}

And this is my nginx.conf

    location / {
        proxy_set_header   Host $http_host;
        proxy_pass             http://dashboard;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection "upgrade";
    }

    listen 443 ssl;

Updated: I tried to use curl to post to superset directly and got this result

<!doctype html>
<html lang=en>
<title>Redirecting...</title>
<h1>Redirecting...</h1>
<p>You should be redirected automatically to the target URL: <a href="http://ip-address:8088/api/v1/security/guest_token/">http://ip-address:8088/api/v1/security/guest_token/</a>. If not, click the link.

Look like a POST to api/v1/security/guest_token result in a redirect to GET api/v1/security/guest_token, that's why I got this error

So this is the fix

Add this config in superset_config_docker.py ENABLE_PROXY_FIX = True
Set X-Forwarded-Proto header in nginx proxy "https"

@stockarea let us know if this indeed resolves the issue for you. 🤞

apache / superset

Method 405 not allowed for guest_token fetching #28777