Alejandroid17 commented on issue #16398:
URL: https://github.com/apache/superset/issues/16398#issuecomment-3890871467

   I have the same problem.
   
   When I try to do it from a script, some endpoints don't work, but it works from Postman.
   
   Superset version: 4.1.0
   
   Script:
   ```python
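   import urllib.parse

   import requests

   # Excerpt from a method: self.base_url, self.username, self.password
   # and data are defined elsewhere.
   with requests.Session() as session: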
       # ---- LOGIN ----
       url = urllib.parse.urljoin(self.base_url, '/api/v1/security/login')
       payload = {
           "username": self.username,
           "password": self.password,
           "provider": "db",
           "refresh": True,
       }
   
       response = session.post(url, json=payload)
       response.raise_for_status()
   
       access_token = response.json()["access_token"]
   
       # ---- AUTH HEADER ----
       session.headers.update(
           {
               "Authorization": f"Bearer {access_token}",
           }
       )
   
       # ---- CSRF ----
       csrf_url = urllib.parse.urljoin(self.base_url, '/api/v1/security/csrf_token/')
       csrf_res = session.get(csrf_url)
       csrf_res.raise_for_status()
   
       csrf_token = csrf_res.json()["result"]
   
       session.headers.update({"X-CSRFToken": csrf_token})
   
       print("Cookies:", session.cookies.get_dict())
       print("CSRF:", session.headers.get("X-CSRFToken"))
   
       # Users - OK
       url = urllib.parse.urljoin(self.base_url, '/api/v1/security/users')
       users_res = session.get(url)
       users_res.raise_for_status()
       print("Users:", users_res.json())
   
       # Database - FAIL -> Missing CSRF token
       url = urllib.parse.urljoin(self.base_url, '/api/v1/database/')
       res = session.post(url, json=data)
       res.raise_for_status()
   ```
   
   Output:
   ```bash
   Cookies: {'session': '63-FMavKIPpx1yPVLucJ......DZ1OLxA-KLDpXHnqo'}
   JWT: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI......LA4XQR7rANbqiY
   CSRF: IjUyNmY3NTFjODkyZmIxY2JmZmY5MTllNTA3YTcyYjFkYTczODg3NmIi.aY3Pjw.x4vEM5JM92cdFKod8RH6QY1Jm_U
   Users: {'count': 2, 'description_columns': {}, .....
   ```
   
   Trace:
   ```bash
   superset_app          | During handling of the above exception, another exception occurred:
   superset_app          | 
   superset_app          | Traceback (most recent call last):
   superset_app          |   File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 1482, in full_dispatch_request
   superset_app          |     rv = self.preprocess_request()
   superset_app          |   File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 1974, in preprocess_request
   superset_app          |     rv = self.ensure_sync(before_func)()
   superset_app          |   File "/usr/local/lib/python3.10/site-packages/flask_wtf/csrf.py", line 229, in csrf_protect
   superset_app          |     self.protect()
   superset_app          |   File "/usr/local/lib/python3.10/site-packages/flask_wtf/csrf.py", line 264, in protect
   superset_app          |     self._error_response(e.args[0])
   superset_app          |   File "/usr/local/lib/python3.10/site-packages/flask_wtf/csrf.py", line 307, in _error_response
   superset_app          |     raise CSRFError(reason)
   superset_app          | flask_wtf.csrf.CSRFError: 400 Bad Request: The CSRF session token is missing.
   ```
   
   Possibly related settings:
   ```python
   WTF_CSRF_ENABLED = True
   
   WTF_CSRF_EXEMPT_LIST = [
       "superset.views.core.log",
       "superset.views.core.explore_json",
       "superset.charts.data.api.data",
       "superset.dashboards.api.cache_dashboard_screenshot",
   ]
   
   ```
   
   Postman (The DB already exists, but the call is correct.)
   
   <img width="1083" height="903" alt="Image" src="https://github.com/user-attachments/assets/dba264f0-7b49-4759-b014-6e008c4e75c0" />


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
