superset
Embed charts with iframe without any login.
Bug description
Embed charts with iframe without any login. (publicly accessible)
This is my superset_config.py file
```python
from flask_appbuilder.security.views import expose
from superset.security import SupersetSecurityManager
from flask_appbuilder.security.manager import BaseSecurityManager
from flask_appbuilder.security.manager import AUTH_REMOTE_USER
from flask import redirect, request, flash
from flask_login import login_user

# Superset specific config
ROW_LIMIT = 50000

# Flask App Builder configuration
# Your App secret key will be used for securely signing the session cookie
# and encrypting sensitive information on the database
# Make sure you are changing this key for your deployment with a strong key.
# Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.
# You MUST set this for production environments or the server will refuse
# to start and you will see an error in the logs accordingly.
SECRET_KEY = '123sampad789'

# The SQLAlchemy connection string to your database backend
# This connection defines the path to the database that stores your
# superset metadata (slices, connections, tables, dashboards, ...).
# Note that the connection information to connect to the datasources
# you want to explore are managed directly in the web UI
# The check_same_thread=false property ensures the sqlite client does not attempt
# to enforce single-threaded access, which may be problematic in some edge cases
SQLALCHEMY_DATABASE_URI = 'postgresql://postgres:123sampad789@localhost:54321/superset'

# Flask-WTF flag for CSRF
WTF_CSRF_ENABLED = False
# Add endpoints that need to be exempt from CSRF protection
WTF_CSRF_EXEMPT_LIST = []
# A CSRF token that expires in 1 year
WTF_CSRF_TIME_LIMIT = 60 * 60 * 24 * 365

# Set this API key to enable Mapbox visualizations
MAPBOX_API_KEY = ''

FEATURE_FLAGS = {'DASHBOARD_CROSS_FILTERS': True, "EMBEDDABLE_CHARTS": True, "EMBEDDED_SUPERSET": True, 'PUBLIC_ROLE_LIKE_GAMMA': True}
```
How to reproduce the bug
Try to embed chart with iframe
Screenshots/recordings
No response
Superset version
3.1.0
Python version
3.9
Node version
16
Browser
Chrome
Additional context
No response
Checklist
- [X] I have searched Superset docs and Slack and didn't find a solution to my problem.
- [X] I have searched the GitHub issue tracker and didn't find a similar bug report.
- [ ] I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.
I tried this, it's handling login, but iframe is not working.
https://www.tetranyde.com/blog/embedding-superset
```python
from flask_appbuilder.security.views import expose
from superset.security import SupersetSecurityManager
from flask_appbuilder.security.manager import BaseSecurityManager
from flask_appbuilder.security.manager import AUTH_REMOTE_USER
from flask import redirect, request, flash
from flask_login import login_user

# Create a custom view to authenticate the user
AuthRemoteUserView = BaseSecurityManager.authremoteuserview


class CustomAuthUserView(AuthRemoteUserView):
    @expose('/login/')
    def login(self):
        # Both values come straight from the query string
        token = request.args.get('token')
        next = request.args.get('next')
        sm = self.appbuilder.sm
        session = sm.get_session
        # The session is always opened as the 'admin' user
        user = session.query(sm.user_model).filter_by(username='admin').first()
        if token == '1234abcd456':
            login_user(user, remember=False, force=True)
            if (next is not None):
                return redirect(next)
            else:
                return redirect(self.appbuilder.get_url_for_index)
        else:
            flash('Unable to auto login', 'warning')
            return super(CustomAuthUserView, self).login()


# Create a custom Security manager that overrides the CustomAuthUserView
class CustomSecurityManager(SupersetSecurityManager):
    authremoteuserview = CustomAuthUserView


# Use our custom authenticator
CUSTOM_SECURITY_MANAGER = CustomSecurityManager

# User remote authentication
AUTH_TYPE = AUTH_REMOTE_USER
```
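An added example, not part of the comment above and not Superset's own code: the login view trusts two query parameters, `token` and `next`, and this sketch shows a constant-time token check plus a `next` value restricted to same-site paths. The helper names `token_matches`, `safe_next` and `login_decision`, the placeholder token and the sample paths are assumptions made for illustration.

```python
import hmac
from urllib.parse import urlsplit


def token_matches(supplied, expected):
    """Constant-time comparison; a missing or empty value never matches."""
    if not supplied or not expected:
        return False
    return hmac.compare_digest(supplied.encode("utf-8"), expected.encode("utf-8"))


def safe_next(target, default="/"):
    """Return target only when it is a same-site absolute path, else default."""
    if not target or target != target.strip():
        return default
    # Browsers read "\" as "/" and drop control characters, so reject both.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return default
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed bracketed host
        return default
    if parts.scheme or parts.netloc:
        return default  # absolute or scheme-relative URL pointing elsewhere
    if not target.startswith("/") or target.startswith("//"):
        return default
    return target


def login_decision(args, expected_token, index_url="/"):
    """Mirror the view's branches: deny, or redirect to a vetted target."""
    if not token_matches(args.get("token"), expected_token):
        return ("deny", None)
    return ("redirect", safe_next(args.get("next"), index_url))


if __name__ == "__main__":
    # Constructed sample requests; the token value is a placeholder.
    expected = "constructed-placeholder-token"
    samples = [
        {"token": expected, "next": "/superset/dashboard/1/?standalone=1"},
        {"token": expected, "next": "//other.example/"},
        {"token": "wrong", "next": "/"},
    ]
    for s in samples:
        print(s.get("next"), "->", login_decision(s, expected))
```

In a Flask view, `args` would be `request.args` and the expected token would be loaded from deployment configuration rather than written into the source.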
Any updates on this?