e-geist opened a new issue, #23001:
URL: https://github.com/apache/superset/issues/23001
If we reload a page (we created) with an embedded dashboard, that was
successfully loaded before, "Access is Denied" popups appear in the upper right
corner of the embedded dashboard. These disappear after some seconds and the
dashboard is properly shown.
We noticed this happens, because the browser sends initially an "old cookie"
from previous requests - Superset apparently tries using it and shows "Access
is Denied".
These popups confuse users as the dashboard works fine, but there are some
warnings shown.
There is also nothing the access is denied to, it's more of a cosmetic
problem.
#### How to reproduce the bug
1. Enable embedding dashboards in superset via config
2. Enable a dashboard to be embedded
3. Implement a guest token fetching mechanism
4. Make sure cookie policies are set correctly
5. Load page with embedded dashboard (-> no "Access is Denied" popups as
this is the first access)
6. Reload page with embedded dashboard ("Access is Denied" popups appear and
disappear)
### Expected results
Upon reloading of a page with an embedded dashboard, the dashboard is
properly shown without warnings if there are no problems with
authentication/role access.
### Actual results
Upon reloading of a page with an embedded dashboard, "Access is Denied"
warnings pop up before the actual dashboard is shown.
We would expect that even if the browser sends an old cookie, it is just
discarded, as the provided guest token will be used anyways.
### Environment
browser type and version: Firefox
superset version: 2.0.1
python version: Python 3.8.12
any feature flags active: nothing too special - we use embedding dashboards,
but this also occurs for normal dashboards
### Checklist
Make sure to follow these steps before submitting your issue - thank you!
- [x] I have checked the superset logs for python stacktraces and included
it here as text if there are any.
- [x] I have reproduced the issue with at least the latest released version
of superset.
- [x] I have checked the issue tracker for the same issue and I haven't
found one similar.
### Additional context
By manually deleting the session cookie of the superset instance, before
reloading the page with the embedded dashboard, the warnings can be prevented.
This is of course not feasible for end users.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
