venkatamandavilli-code commented on issue #39882:
URL: https://github.com/apache/superset/issues/39882#issuecomment-4471345695

   Thanks for reporting this. I agree this looks like an auth ordering issue 
specific to embedded dashboards.
   
   If the embedded dashboard is loaded with a guest token flow, the language 
pack request should either happen after the guest token is initialized or the 
endpoint should be accessible without requiring the normal logged-in session. 
Otherwise, localized embedded dashboards can fail even when the dashboard 
access itself is valid.
   
   I think the safer fix may be to review whether `/language_pack/{locale}` 
exposes anything sensitive before removing `@has_access`. If not, making that 
endpoint public would keep embedded dashboard initialization simpler. If there 
is any concern, delaying the language pack fetch until after guest token setup 
would be cleaner.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

