apache / superset

Apache Superset is a Data Visualization and Data Exploration Platform
https://superset.apache.org/
Apache License 2.0

Iframe embedding in a https site says CSRF token missing #9042

Closed aman101097 closed 4 years ago

aman101097 commented 4 years ago

Whenever I try to embed my dashboard as an iframe in a hosted website of mine, it says CSRF token missing. I tried everything; nothing helped. Any leads on this will be appreciated.

kunal15145 commented 4 years ago

SESSION_COOKIE_SAMESITE = None. Try doing this in the config file

trsree commented 4 years ago

SESSION_COOKIE_SAMESITE = None didn't work.

What is the solution to fix the issue?

amitmiran137 commented 4 years ago

Try = 'None'

aman101097 commented 4 years ago

SESSION_COOKIE_SAMESITE = None didn't work.

What is the solution to fix the issue?

SESSION_COOKIE_SAMESITE = "Lax"  # One of [None, 'None', 'Lax', 'Strict']

These are four values that can be applied there. Can you try the string None? Also make sure you are loading the superset_config.py file correctly.

1997827 commented 3 years ago

SESSION_COOKIE_SAMESITE = None didn't work. What is the solution to fix the issue?

SESSION_COOKIE_SAMESITE = "Lax"  # One of [None, 'None', 'Lax', 'Strict']

These are four values that can be applied there. Can you try the string None? Also make sure you are loading the superset_config.py file correctly.

None or 'None' both not working

sujeethkanuganti commented 3 years ago

Is this resolved? Have same problem.

aman101097 commented 3 years ago

Try this:

TALISMAN_CONFIG = {
    "content_security_policy": None,
    "force_https": False,
    "force_https_permanent": False,
}

CSRF_ENABLED = False

keehl1213 commented 3 years ago

Same here

gonzalo commented 3 years ago

Same problem here. Superset deployed with a docker image, loading superset_config.py with a binding (and I'm sure it is loading the conf file because I had some problems parsing it at the beginning).

To make it work at login I have to add two different confs:

SESSION_COOKIE_SAMESITE = 'None'  # One of [None, 'Lax', 'Strict']
SESSION_COOKIE_SECURE = True

edge7 commented 3 years ago

Anyone found a solution that actually works?

gonzalo commented 3 years ago

@edge7 have you checked my solution?

nurmuda commented 3 years ago

@gonzalo I already tried, but it's not working. Please let me know.

gonzalo commented 3 years ago

Just using it in latest apache 0.38. Using amancevice superset docker image https://github.com/amancevice/docker-superset

Ensure that your superset instance is loading superset_config.py and it should work

nurmuda commented 3 years ago

Just using it in latest apache 0.38. Using amancevice superset docker image https://github.com/amancevice/docker-superset

Ensure that your superset instance is loading superset_config.py and it should work

Hi Gonzalo, thanks for the response. I am already using the superset docker image from amancevice, version 0.38.0. What is the user/password? I can't log in using admin/admin. Please let me know.

aman101097 commented 3 years ago

Hi, you have to exec into the docker image and use the commands:

export FLASK_APP=superset
flask fab create-admin

nurmuda commented 3 years ago

flask fab create-admin

OK, thanks @aman101097 for the quick response. I can log in now.

nurmuda commented 3 years ago

Just using it in latest apache 0.38. Using amancevice superset docker image https://github.com/amancevice/docker-superset

Ensure that your superset instance is loading superset_config.py and it should work

Hi @gonzalo @aman101097, where can I find superset_config.py in your docker image? Do I need to create a new one? Usually, I can find them in pythonpath_dev. Please let me know. Thank you.

gonzalo commented 3 years ago

In case you're using that docker image, you should bind an /etc location on your host and place the superset_config file there.

In my case this is part of my docker-compose.yml (for a swarm deployment)

version: '3.3'

services:

  dashboard:
    image: amancevice/superset:0.38.0
    volumes:
      - superset-data:/var/lib/superset
      - /etc/localtime:/etc/localtime:ro
      - /xxxx/xxxx/superset-dashboard/etc:/etc/superset

and in my host I have a /xxxx/xxxx/superset-dashboard/etc/superset_config.py file with these contents

SESSION_COOKIE_SAMESITE = 'None'  # One of [None, 'Lax', 'Strict']
SESSION_COOKIE_SECURE = True

zhugw commented 3 years ago

In my case I used version 1.1.0. Following @aman101097's way, having only the config below is OK:

WTF_CSRF_ENABLED = False
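
The settings traded back and forth in this thread can be checked mechanically. The following is an added example, not code from the thread or from the Superset project: it reads a superset_config.py without executing it and reports which of the discussed settings keep the session cookie out of a cross-site iframe, and which of the suggested workarounds switch off CSRF protection or the Content-Security-Policy header. The function names, finding codes and sample configs are constructed for illustration; the fallback defaults ("Lax", cookie not Secure) are assumptions.

```python
import ast

def load_settings(source):
    """Collect top-level NAME = <literal> assignments without executing the file."""
    settings = {}
    for node in ast.parse(source).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # not a plain literal; outside the scope of this check
    return settings

def audit(source):
    """Return finding codes for the cookie, CSRF and CSP settings in the thread."""
    cfg = load_settings(source)
    codes = []
    samesite = cfg.get("SESSION_COOKIE_SAMESITE", "Lax")  # assumed default
    secure = cfg.get("SESSION_COOKIE_SECURE", False)      # assumed default
    if samesite is None:
        # Python None: no SameSite attribute is emitted, and browsers that
        # default to Lax still withhold the cookie inside a cross-site iframe.
        codes.append("SAMESITE_UNSET")
    elif samesite in ("Lax", "Strict"):
        codes.append("SAMESITE_BLOCKS_IFRAME")
    elif samesite == "None" and not secure:
        # Browsers reject SameSite=None cookies that are not marked Secure.
        codes.append("SAMESITE_NONE_NEEDS_SECURE")
    if cfg.get("WTF_CSRF_ENABLED", True) is False:
        codes.append("CSRF_DISABLED")  # every form loses CSRF protection
    talisman = cfg.get("TALISMAN_CONFIG")
    if isinstance(talisman, dict) and talisman.get("content_security_policy", "") is None:
        codes.append("CSP_DISABLED")   # no Content-Security-Policy header is sent
    return codes

# Constructed sample configs mirroring the suggestions made in the thread.
COOKIE_FIX = "SESSION_COOKIE_SAMESITE = 'None'\nSESSION_COOKIE_SECURE = True\n"
PYTHON_NONE = "SESSION_COOKIE_SAMESITE = None\n"
STRING_NONE_ONLY = "SESSION_COOKIE_SAMESITE = 'None'\n"
WORKAROUND = ('TALISMAN_CONFIG = {"content_security_policy": None, '
              '"force_https": False}\nWTF_CSRF_ENABLED = False\n')

if __name__ == "__main__":
    for name in ("COOKIE_FIX", "PYTHON_NONE", "STRING_NONE_ONLY", "WORKAROUND"):
        print(name, audit(globals()[name]))
```

An empty result for a config means the session cookie can travel with the iframe request while CSRF protection and the CSP header stay in place.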