GitHub user dosubot[bot] added a comment to the discussion: How to embed a dashboard if OAUTH is enabled?
To resolve the "CSRF token is missing" error when embedding a dashboard with OAUTH enabled, ensure that the CSRF token is correctly generated and included in your requests. You can obtain the CSRF token by making a GET request to the `/csrf_token/` endpoint provided by the `SecurityRestApi` class in Superset. Include this CSRF token in the headers of your subsequent requests to the Superset API. The required headers are:

- `Accept: application/json`
- `X-CSRFToken: <your_csrf_token>`
- `Authorization: Bearer <access_token>`
- `Referer: <your_referer_url>`

Make sure you have a valid access token and that the CSRF token is correctly fetched from `/api/v1/security/csrf_token/` <sup>[[1]](https://github.com/apache/superset/blob/master/superset/security/api.py)</sup><sup>[[2]](https://github.com/apache/superset/blob/master/superset-frontend/packages/superset-ui-core/src/connection/SupersetClientClass.ts)</sup>.

GitHub link: https://github.com/apache/superset/discussions/33066#discussioncomment-12782430
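An added example, not part of the comment above and not Superset's own code: a client that fetches the CSRF token from `/api/v1/security/csrf_token/` and builds the four headers listed. The helper names, the `{"result": ...}` response shape, and the need to replay the session cookie issued with the token are assumptions; the stub server is constructed so the block runs offline.

```python
import json
import threading
import urllib.request
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, HTTPServer

CSRF_PATH = "/api/v1/security/csrf_token/"  # endpoint named in the comment

def make_opener(*extra_handlers):
    # Assumption: the CSRF token is tied to the session cookie returned with
    # it, so one cookie jar must be reused for every later request.
    return urllib.request.build_opener(
        urllib.request.HTTPCookieProcessor(CookieJar()), *extra_handlers)

def fetch_csrf_token(opener, base_url, access_token):
    req = urllib.request.Request(base_url.rstrip("/") + CSRF_PATH, headers={
        "Accept": "application/json",
        "Authorization": f"Bearer {access_token}"})
    with opener.open(req, timeout=5) as resp:
        # Assumed response shape: {"result": "<csrf token>"}
        return json.load(resp)["result"]

def api_headers(csrf_token, access_token, referer):
    # Refuse to build a partial header set; a missing value is what
    # produces the "CSRF token is missing" style of rejection.
    if not (csrf_token and access_token and referer):
        raise ValueError("csrf_token, access_token and referer are required")
    return {"Accept": "application/json",
            "X-CSRFToken": csrf_token,
            "Authorization": f"Bearer {access_token}",
            "Referer": referer}

class _StubSuperset(BaseHTTPRequestHandler):
    # Constructed stand-in for the real endpoint, for offline runs only.
    def do_GET(self):
        auth = self.headers.get("Authorization", "")
        ok = self.path == CSRF_PATH and auth.startswith("Bearer ")
        body = json.dumps({"result": "constructed-csrf"} if ok else {}).encode()
        self.send_response(200 if ok else 401)
        self.send_header("Set-Cookie", "session=constructed; Path=/")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the stub quiet

def start_stub():
    server = HTTPServer(("127.0.0.1", 0), _StubSuperset)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"
```

Against a real deployment, pass the Superset base URL and an access token you already hold, and send later API calls through the same opener so the session cookie accompanies the `X-CSRFToken` header.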