GitHub user dosubot[bot] added a comment to the discussion: I embedded superset on another site but can't log in?
<!-- Answer --> When embedding Superset in another site, login issues are usually caused by browser restrictions on cookies in cross-origin iframes or by missing embedded authentication setup. Chrome and other browsers often block authentication cookies in iframes from a different domain, which prevents standard login from working. To embed Superset dashboards securely, it's recommended to use the guest token authentication mechanism with the `EMBEDDED_SUPERSET` feature flag enabled. This requires generating a guest token for the dashboard, configuring allowed domains, and setting CORS and X-Frame-Options headers to permit embedding. If you see a login page inside the iframe, it usually means guest token authentication is not set up or not working, and standard login will likely fail due to browser security policies. See more details and a checklist of what to configure [here](https://github.com/apache/superset/issues/33902). If you want to allow public access to dashboards without login, you can set `PUBLIC_ROLE_LIKE = "Gamma"` in your Superset config and ensure the dashboard is published, but this removes authentication for those dashboards ([reference](https://github.com/apache/superset/discussions/31949)). If you need to require login, consider serving both Superset and your embedding app from the same domain, or use SSO solutions that work across both apps. For most use cases, guest token embedding is the recommended and supported approach. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/e7402bcc-5652-4e30-8b23-24b8c06a723d?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/e7402bcc-5652-4e30-8b23-24b8c06a723d?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/e7402bcc-5652-4e30-8b23-24b8c06a723d?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/e7402bcc-5652-4e30-8b23-24b8c06a723d?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/e7402bcc-5652-4e30-8b23-24b8c06a723d?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/e7402bcc-5652-4e30-8b23-24b8c06a723d?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/e7402bcc-5652-4e30-8b23-24b8c06a723d?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github)& nbsp;[](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/35980) GitHub link: https://github.com/apache/superset/discussions/35980#discussioncomment-14867740 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
