C-monC opened a new issue, #21368:
URL: https://github.com/apache/superset/issues/21368
Hi,
This is probably not a bug with superset but I would appreciate help
identifying the issue.
When a user logs in they have a small change of getting a frontend that
belongs to someone else.
i.e. Clicking profile in the top right menu actually takes you to someone
else's profile.
The api always has the correct user ("/api/me/") - there is no data leakage.
It just presents broken UI's to users.
The other user's username is also shared with the other user - a big concern.
This issue lasts about a minute. Refreshing the page many times delivers the
right page after a while.
The setup:
Superset is running inside an iframe - The purpose of this is because users
in the "parent system" have many distinct users in superset.
Nginx is the reverse proxy and Cloudflare is enabled.
I have Security manger class that checks cookies and logs the user in
automatically. This worked without issues until about 2 weeks ago.
I have disabled caching completely in Cloudflare and Nginx for the subdomain
superset is hosted on with the same results. I can verify in the browser all
the requests do not hit caches outside superset.
Are there other caching mechanisms in superset itself?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
