sebastianliebscher opened a new issue, #24189: URL: https://github.com/apache/superset/issues/24189
When trying to import assets (from 'load-examples') via Superset API, the POST results in `The CSRF session token is missing`. The CSRF session token should be valid as the same token is able to export assets successfully.

#### How to reproduce the bug

1. start dev env `docker-compose up` from [latest master](https://github.com/apache/superset/tree/bc0079f2fb4d09b6c3b711ef950fcb6a907c7e96) or `TAG=2.1.0 docker-compose -f non-dev.yaml up`
2. `superset load-examples`
3. export zip from /api/v1/assets/export/
4. delete all assets
5. import assets:

```bash
curl --request POST \
  --url http://127.0.0.1:8088/api/v1/assets/import/ \
  --header 'Authorization: Bearer bearer' \
  --header 'Content-Type: multipart/form-data' \
  --header 'X-CSRFToken: token' \
  --cookie session=session \
  --form bundle=@./assets_export_20230522T220422.zip \
  --form 'passwords={"databases/examples.yaml": "superset"}'
```

### Expected results

POST returns 200 with successfully imported assets

### Actual results

`Error: Number of redirects hit maximum amount`

```html
<!doctype html>
<html lang=en>
<title>Redirecting...</title>
<h1>Redirecting...</h1>
<p>You should be redirected automatically to the target URL: <a href="/login/">/login/</a>. If not, click the link.
```

and from container log

```sh
2023-05-23 12:34:20,840:INFO:flask_wtf.csrf:The CSRF session token is missing.
2023-05-23 12:34:20,840:WARNING:superset.views.base:Refresh CSRF token error
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/flask_wtf/csrf.py", line 261, in protect
    validate_csrf(self._get_csrf_token())
  File "/usr/local/lib/python3.9/site-packages/flask_wtf/csrf.py", line 103, in validate_csrf
    raise ValidationError("The CSRF session token is missing.")
wtforms.validators.ValidationError: The CSRF session token is missing.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1821, in full_dispatch_request
    rv = self.preprocess_request()
  File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 2313, in preprocess_request
    rv = self.ensure_sync(before_func)()
  File "/usr/local/lib/python3.9/site-packages/flask_wtf/csrf.py", line 229, in csrf_protect
    self.protect()
  File "/usr/local/lib/python3.9/site-packages/flask_wtf/csrf.py", line 264, in protect
    self._error_response(e.args[0])
  File "/usr/local/lib/python3.9/site-packages/flask_wtf/csrf.py", line 307, in _error_response
    raise CSRFError(reason)
flask_wtf.csrf.CSRFError: 400 Bad Request: The CSRF session token is missing.
2023-05-23 12:34:20,841:INFO:werkzeug:192.168.64.1 - - [23/May/2023 12:34:20] "POST /api/v1/assets/import/ HTTP/1.1" 302 -
2023-05-23 12:34:20,846:INFO:flask_wtf.csrf:The CSRF session token is missing.
2023-05-23 12:34:20,846:WARNING:superset.views.base:Refresh CSRF token error
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/flask_wtf/csrf.py", line 261, in protect
    validate_csrf(self._get_csrf_token())
  File "/usr/local/lib/python3.9/site-packages/flask_wtf/csrf.py", line 103, in validate_csrf
    raise ValidationError("The CSRF session token is missing.")
wtforms.validators.ValidationError: The CSRF session token is missing.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1821, in full_dispatch_request
    rv = self.preprocess_request()
  File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 2313, in preprocess_request
    rv = self.ensure_sync(before_func)()
  File "/usr/local/lib/python3.9/site-packages/flask_wtf/csrf.py", line 229, in csrf_protect
    self.protect()
  File "/usr/local/lib/python3.9/site-packages/flask_wtf/csrf.py", line 264, in protect
    self._error_response(e.args[0])
  File "/usr/local/lib/python3.9/site-packages/flask_wtf/csrf.py", line 307, in _error_response
    raise CSRFError(reason)
flask_wtf.csrf.CSRFError: 400 Bad Request: The CSRF session token is missing.
2023-05-23 12:34:20,847:INFO:werkzeug:192.168.64.1 - - [23/May/2023 12:34:20] "POST /login/ HTTP/1.1" 302 -
2023-05-23 12:34:20,851:INFO:flask_wtf.csrf:The CSRF session token is missing.
2023-05-23 12:34:20,852:WARNING:superset.views.base:Refresh CSRF token error
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/flask_wtf/csrf.py", line 261, in protect
    validate_csrf(self._get_csrf_token())
  File "/usr/local/lib/python3.9/site-packages/flask_wtf/csrf.py", line 103, in validate_csrf
    raise ValidationError("The CSRF session token is missing.")
wtforms.validators.ValidationError: The CSRF session token is missing.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1821, in full_dispatch_request
    rv = self.preprocess_request()
  File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 2313, in preprocess_request
    rv = self.ensure_sync(before_func)()
  File "/usr/local/lib/python3.9/site-packages/flask_wtf/csrf.py", line 229, in csrf_protect
    self.protect()
  File "/usr/local/lib/python3.9/site-packages/flask_wtf/csrf.py", line 264, in protect
    self._error_response(e.args[0])
  File "/usr/local/lib/python3.9/site-packages/flask_wtf/csrf.py", line 307, in _error_response
    raise CSRFError(reason)
flask_wtf.csrf.CSRFError: 400 Bad Request: The CSRF session token is missing.
```

### Environment

- browser type and version: curl 8.0.1
- superset version: tested for 2.1.0 and https://github.com/apache/superset/tree/bc0079f2fb4d09b6c3b711ef950fcb6a907c7e96
- python version: 3.9
- any feature flags active: default

### Checklist

Make sure to follow these steps before submitting your issue - thank you!

- [x] I have checked the superset logs for python stacktraces and included it here as text if there are any.
- [x] I have reproduced the issue with at least the latest released version of superset.
- [x] I have checked the issue tracker for the same issue and I haven't found one similar.
