dosubot[bot] commented on issue #32903:
URL: https://github.com/apache/superset/issues/32903#issuecomment-2762258478

   I found some similar discussions that might be relevant to your issue:

   1. [Don't work "Edit chart" in Embedded dashboard](https://github.com/apache/superset/discussions/29560) - This discussion is still open and might provide insights into issues with embedded dashboards <sup>[[1]](https://github.com/apache/superset/discussions/29560)</sup>.

   2. [Issues embedding dashboard in public website](https://github.com/apache/superset/discussions/31442) - This is another open discussion that could be related to your problem with embedding dashboards <sup>[[2]](https://github.com/apache/superset/discussions/31442)</sup>.

   Regarding your issue with the 403 Forbidden error and logout on refresh, here are some points to consider:

   1. **403 Forbidden Error**: This can occur due to missing `dashboardID` in the `form_data` object. Ensure that the `dashboardID` is included in the `form_data` object to avoid permission errors <sup>[[3]](https://github.com/apache/superset/issues/32552)</sup>.

   2. **Session Management**: Superset uses guest tokens for session management in embedded dashboards. If there's an issue with the guest token, it can lead to session interruptions and 401 errors. Ensure that the guest token is generated correctly <sup>[[4]](https://github.com/apache/superset/blob/master/superset-frontend/src/embedded/index.tsx)</sup>.

   3. **Role Configuration**: The `GUEST_ROLE_NAME` is set to "Gamma". Ensure that the "Gamma" role has the necessary permissions to access the embedded dashboards. Missing permissions can lead to access issues <sup>[[5]](https://github.com/apache/superset/blob/master/superset-embedded-sdk/README.md)</sup>.

   4. **CORS Configuration**: Your `CORS_OPTIONS` seem to be set up to allow requests from specific origins. Ensure that these settings are correct and that the domains from which you are accessing the dashboard are included <sup>[[6]](https://github.com/apache/superset/blob/master/docs/docs/configuration/networking-settings.mdx)</sup>.

   5. **CSRF Protection**: Disabling CSRF protection (`WTF_CSRF_ENABLED = False`) can lead to security vulnerabilities. It's generally recommended to keep this enabled in production environments <sup>[[7]](https://github.com/apache/superset/blob/master/tests/integration_tests/superset_test_config.py)</sup>.

   Review these points and adjust your configuration accordingly to resolve the issues with your embedded dashboard.
   
   
-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
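
A small audit of the settings the comment above lists (CSRF, CORS origins, guest role), added here as an example; it is not part of the original comment or of Superset's code. The function name, the `PRIVILEGED_ROLES` set, the sample dictionaries and the `example.com` origin are assumptions, and origins are compared by exact string match only.

```python
# Added example. Sample settings below are constructed, not the reporter's config.
PRIVILEGED_ROLES = {"Admin", "Alpha"}  # assumption: too broad for guest tokens

def audit_embed_config(cfg, embedding_origins):
    """Return findings for the CSRF, CORS and guest-role settings."""
    findings = []

    # CSRF: the comment warns against WTF_CSRF_ENABLED = False in production.
    if cfg.get("WTF_CSRF_ENABLED", True) is False:
        findings.append("WTF_CSRF_ENABLED is False")

    # CORS: each page that embeds the dashboard must be an allowed origin.
    cors = cfg.get("CORS_OPTIONS", {})
    origins = cors.get("origins", [])
    if isinstance(origins, str):
        origins = [origins]
    if "*" in origins:
        if cors.get("supports_credentials"):
            findings.append("CORS_OPTIONS allows '*' with supports_credentials")
    else:
        for origin in embedding_origins:
            if origin not in origins:  # exact match; regex origins not handled
                findings.append(f"CORS_OPTIONS origins lacks {origin}")

    # Guest role: set it explicitly and keep it to a low-privilege role.
    role = cfg.get("GUEST_ROLE_NAME")
    if not role:
        findings.append("GUEST_ROLE_NAME is not set explicitly")
    elif role in PRIVILEGED_ROLES:
        findings.append(f"GUEST_ROLE_NAME maps guests to {role}")
    return findings

# Constructed weak configuration.
WEAK = {
    "WTF_CSRF_ENABLED": False,
    "CORS_OPTIONS": {"supports_credentials": True, "origins": ["*"]},
    "GUEST_ROLE_NAME": "Admin",
}
# Constructed corrected configuration for one embedding site.
HARDENED = {
    "WTF_CSRF_ENABLED": True,
    "CORS_OPTIONS": {"supports_credentials": True,
                     "origins": ["https://portal.example.com"]},
    "GUEST_ROLE_NAME": "Gamma",
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_embed_config(cfg, ["https://portal.example.com"]))
```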
