Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cross filter not working when including dashboard in iframe #30907

Open
3 tasks
jpchev opened this issue Nov 13, 2024 · 3 comments
Open
3 tasks

cross filter not working when including dashboard in iframe #30907

jpchev opened this issue Nov 13, 2024 · 3 comments
Labels
dashboard:cross-filters Related to the Dashboard cross filters embedded

Comments

@jpchev
Copy link
Contributor

jpchev commented Nov 13, 2024

Bug description

Hello,
I can integrate a dashboard in my UI via the iframe provided with the embedded sdk, but cross filters don't work, in particular I can't drill down and drill by in a pie chart.
I see a 404 error when calling
the call to the api /api/v1/dataset/1
whereas the same call works when browsing the same dashboard in the Apache Superset UI.

Here the call getting a 404 from the iframe, saved as a curl command

curl 'https://myurl/api/v1/dataset/1' \
  -H 'accept: application/json' \
  -H 'accept-language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7,it;q=0.6,ru;q=0.5' \
  -H 'cache-control: no-cache' \
  -H 'pragma: no-cache' \
  -H 'priority: u=1, i' \
  -H 'referer: https://myurl/embedded/d73e7841-9342-4afd-8e29-b4a416a2498c?uiConfig=0' \
  -H 'sec-ch-ua: "Chromium";v="130", "Google Chrome";v="130", "Not?A_Brand";v="99"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "Linux"' \
  -H 'sec-fetch-dest: empty' \
  -H 'sec-fetch-mode: same-origin' \
  -H 'sec-fetch-site: same-origin' \
  -H 'user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36' \
  -H 'x-csrftoken: <csrftoken>' \
  -H 'x-guesttoken: <guesttoken>'
{"message":"Not found"}

and here I report the same call working in Apache Superset

curl 'https://myurl/api/v1/dataset/1' \
  -H 'accept: application/json' \
  -H 'accept-language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7,it;q=0.6,ru;q=0.5' \
  -H 'cache-control: no-cache' \
  -H 'cookie: session=<session>' \
  -H 'pragma: no-cache' \
  -H 'priority: u=1, i' \
  -H 'referer: https://myurl/superset/dashboard/1/?native_filters_key=DQm0kUmYbI87lXnWjTPKM4pmj0vR7Qy6pt67CgtJaJFSx15Tf-4dVVrkzVXkUPTP' \
  -H 'sec-ch-ua: "Chromium";v="130", "Google Chrome";v="130", "Not?A_Brand";v="99"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "Linux"' \
  -H 'x-csrftoken: <csfrtoken> \

can you please look into this ?

Screenshots/recordings

No response

Superset version

4.0.2

Python version

3.9

Node version

16

Browser

Chrome

Additional context

No response

Checklist

  • I have searched Superset docs and Slack and didn't find a solution to my problem.
  • I have searched the GitHub issue tracker and didn't find a similar bug report.
  • I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.
Copy link

dosubot bot commented Nov 13, 2024

Hey @jpchev! 👋 I'm here to help you out with your bug report!

I found some similar discussions and issues related to embedding dashboards and encountering errors:

  1. Apache Superset Embedded Not Working - This discussion is unsolved and was last updated on October 4, 2024.
  2. Embedding a dashboard using the Embedded SDK results in the chart POST request failing - This is another unsolved discussion, last updated on July 6, 2023.
  3. Not able to embed superset in iframe - This discussion is also unsolved and was last updated on March 30, 2023.

Additionally, there was a closed issue that might be relevant:

Regarding your specific issue with the 404 error when accessing datasets via API in embedded dashboards, it might be related to authentication or permissions. Ensure that the Guest Token used in the embedded scenario has the necessary permissions to access the dataset. The Superset UI might be using a session-based authentication, which could explain why it works there but not in the embedded iframe. You might need to verify the permissions associated with the Guest Token or check if there are any specific configurations required for cross filters in embedded dashboards, although I couldn't find specific documentation on that [1][2][3][4].

To continue talking to Dosu, mention @dosu.

@dosubot dosubot bot added dashboard:cross-filters Related to the Dashboard cross filters embedded labels Nov 13, 2024
@jpchev
Copy link
Contributor Author

jpchev commented Nov 13, 2024

this seems indeed a problem with permissions, because the issue disappears after changing
GUEST_ROLE_NAME = 'Gamma'
to
GUEST_ROLE_NAME = 'Admin'
to the config.py file

but now I have a CSRF 400 issue.
Anyway, what are the missing permissions to make the role Gamma work, instead of switching to Admin?

Copy link

dosubot bot commented Nov 13, 2024

To resolve the issue with the 'Gamma' role not having sufficient permissions, you need to ensure that the role has the necessary permissions to access the datasets and perform the required actions. Here are some permissions that might be missing for the 'Gamma' role:

  1. Dataset and Database Access:

    • Ensure that the 'Gamma' role has access to the specific datasets and databases needed for the dashboard. This might include permissions like can read on Dataset and can read on Database.
  2. Cross-Filter and API Access:

    • If cross-filtering requires specific API access, ensure that the 'Gamma' role has the necessary permissions to access those endpoints.
  3. Additional Permissions:

    • You might need to add permissions such as can explore on Superset or can explore_json on Superset if they are required for the cross-filter functionality.
  4. Guest Token Permissions:

    • Verify that the guest token used in the embedded scenario has the necessary permissions associated with the 'Gamma' role.

To avoid the CSRF 400 issue, ensure that the CSRF token is correctly configured and included in your requests. You can also configure certain endpoints to be exempt from CSRF protection by adding them to the WTF_CSRF_EXEMPT_LIST in the configuration [1][2].

By adjusting these permissions, you should be able to use the 'Gamma' role effectively without switching to 'Admin'.

To continue talking to Dosu, mention @dosu.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dashboard:cross-filters Related to the Dashboard cross filters embedded
Projects
None yet
Development

No branches or pull requests

1 participant