Alvie commented on issue #8382: URL: https://github.com/apache/superset/issues/8382#issuecomment-1690197367
> I am still getting the same error even after applying all the configurations.
>
> I have tried setting `SESSION_COOKIE_SAMESITE = "None"` and `SESSION_COOKIE_SAMESITE = None`. I am using HTTPS and I don't want to disable CSRF. I am getting below error
>
> ```
> "{\"errors\": [{\"message\": \"400 Bad Request: The CSRF session token is missing.\", \"error_type\": \"GENERIC_BACKEND_ERROR\", \"level\": \"error\", \"extra\": {\"issue_codes\": [{\"code\": 1011, \"message\": \"Issue 1011 - Superset encountered an unexpected error.\"}]}}]}
> ```
>
> It is working fine when I am trying to call API from Postman. However, in the app, I keep getting the same error. I have also attached `"Referer"=>"https://mydomain/api/v1/security/csrf_token/`.

In the "app", when you get the CSRF Token, it responds with a Set-Cookie header alongside the token. You need to use that same cookie when requesting the guest token.
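The cookie binding described in the reply above, as an added example that is not part of the original comment and is not Superset's code: a constructed local stand-in server issues a CSRF token together with a session cookie, and the client call fails with the same "session token is missing" message unless it sends that cookie back. The `X-CSRFToken` header name, the guest token path and the server-side dictionary are assumptions made for the illustration.

```python
import http.client, json, secrets, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSIONS = {}  # session id -> CSRF token issued with that session (constructed)

class StandIn(BaseHTTPRequestHandler):  # constructed stand-in, not Superset's code
    def _send(self, code, body, cookie=None):
        data = json.dumps(body).encode()
        self.send_response(code)
        if cookie:
            self.send_header("Set-Cookie", f"session={cookie}; HttpOnly; Path=/")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_GET(self):  # stands in for /api/v1/security/csrf_token/
        sid, token = secrets.token_hex(8), secrets.token_hex(16)
        SESSIONS[sid] = token
        self._send(200, {"result": token}, cookie=sid)

    def do_POST(self):  # stands in for the guest token endpoint
        sid = self.headers.get("Cookie", "").partition("session=")[2]
        expected = SESSIONS.get(sid)
        if expected is None:  # no session cookie: nothing to compare the token with
            return self._send(400, {"message": "The CSRF session token is missing."})
        if not secrets.compare_digest(expected, self.headers.get("X-CSRFToken", "")):
            return self._send(400, {"message": "The CSRF tokens do not match."})
        self._send(200, {"token": "constructed-guest-token"})

    def log_message(self, *args): pass  # silence per-request logging

def request_guest_token(port, reuse_cookie):  # returns (status, parsed JSON body)
    conn = http.client.HTTPConnection("127.0.0.1", port)
    conn.request("GET", "/api/v1/security/csrf_token/")
    resp = conn.getresponse()
    token = json.loads(resp.read())["result"]
    cookie = resp.getheader("Set-Cookie").split(";")[0]  # "session=<id>"
    headers = {"X-CSRFToken": token}
    if reuse_cookie:  # the step the reply says the app is missing
        headers["Cookie"] = cookie
    conn.request("POST", "/api/v1/security/guest_token/", headers=headers)
    resp = conn.getresponse()
    return resp.status, json.loads(resp.read())

def demo():
    server = HTTPServer(("127.0.0.1", 0), StandIn)  # port 0: any free local port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    results = [request_guest_token(server.server_port, r) for r in (False, True)]
    server.shutdown()
    return results
```

Postman keeps a cookie jar per domain by default, which is consistent with the quoted observation that the same calls succeed there.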