[I] when set WTF_CSRF_ENABLED = False , login to Superset still prompt: flask_wtf.csrf.CSRFError: "The CSRF session token is missing " [superset]

via GitHub Tue, 10 Oct 2023 01:14:32 -0700


wangrenjun-vs opened a new issue, #25587:
URL: https://github.com/apache/superset/issues/25587


   A clear and concise description of what the bug is.
   
   #### How to reproduce the bug
   
   1.  install superset 3.0 via pip3 
   2. init and start super 
   3. update superset_config.py   WTF_CSRF_ENABLED = False
   4. Open Brower  and login
   5. superset log show :"flask_wtf.csrf.CSRFError: 400 Bad Request: The CSRF 
session token is missing."
   ```
   2023-10-10 08:08:37,440:INFO:flask_wtf.csrf:The CSRF session token is 
missing.
   Refresh CSRF token error
   Traceback (most recent call last):
     File 
"/home/ec2-user/superset-v3/venv/lib64/python3.9/site-packages/flask_wtf/csrf.py",
 line 261, in protect
       validate_csrf(self._get_csrf_token())
     File 
"/home/ec2-user/superset-v3/venv/lib64/python3.9/site-packages/flask_wtf/csrf.py",
 line 103, in validate_csrf
       raise ValidationError("The CSRF session token is missing.")
   wtforms.validators.ValidationError: The CSRF session token is missing.
   
   During handling of the above exception, another exception occurred:
   
   Traceback (most recent call last):
     File 
"/home/ec2-user/superset-v3/venv/lib64/python3.9/site-packages/flask/app.py", 
line 1482, in full_dispatch_request
       rv = self.preprocess_request()
     File 
"/home/ec2-user/superset-v3/venv/lib64/python3.9/site-packages/flask/app.py", 
line 1974, in preprocess_request
       rv = self.ensure_sync(before_func)()
     File 
"/home/ec2-user/superset-v3/venv/lib64/python3.9/site-packages/flask_wtf/csrf.py",
 line 229, in csrf_protect
       self.protect()
     File 
"/home/ec2-user/superset-v3/venv/lib64/python3.9/site-packages/flask_wtf/csrf.py",
 line 264, in protect
       self._error_response(e.args[0])
     File 
"/home/ec2-user/superset-v3/venv/lib64/python3.9/site-packages/flask_wtf/csrf.py",
 line 307, in _error_response
       raise CSRFError(reason)
   flask_wtf.csrf.CSRFError: 400 Bad Request: The CSRF session token is missing.
   2023-10-10 08:08:37,440:WARNING:superset.views.base:Refresh CSRF token error
   Traceback (most recent call last):
     File 
"/home/ec2-user/superset-v3/venv/lib64/python3.9/site-packages/flask_wtf/csrf.py",
 line 261, in protect
       validate_csrf(self._get_csrf_token())
     File 
"/home/ec2-user/superset-v3/venv/lib64/python3.9/site-packages/flask_wtf/csrf.py",
 line 103, in validate_csrf
       raise ValidationError("The CSRF session token is missing.")
   wtforms.validators.ValidationError: The CSRF session token is missing.
   
   During handling of the above exception, another exception occurred:
   
   Traceback (most recent call last):
     File 
"/home/ec2-user/superset-v3/venv/lib64/python3.9/site-packages/flask/app.py", 
line 1482, in full_dispatch_request
       rv = self.preprocess_request()
     File 
"/home/ec2-user/superset-v3/venv/lib64/python3.9/site-packages/flask/app.py", 
line 1974, in preprocess_request
       rv = self.ensure_sync(before_func)()
     File 
"/home/ec2-user/superset-v3/venv/lib64/python3.9/site-packages/flask_wtf/csrf.py",
 line 229, in csrf_protect
       self.protect()
     File 
"/home/ec2-user/superset-v3/venv/lib64/python3.9/site-packages/flask_wtf/csrf.py",
 line 264, in protect
       self._error_response(e.args[0])
     File 
"/home/ec2-user/superset-v3/venv/lib64/python3.9/site-packages/flask_wtf/csrf.py",
 line 307, in _error_response
       raise CSRFError(reason)
   flask_wtf.csrf.CSRFError: 400 Bad Request: The CSRF session token is missing.
   2023-10-10 08:08:37,441:INFO:werkzeug:43.230.89.249 - - [10/Oct/2023 
08:08:37] "POST /login/ HTTP/1.1" 302 -
   2023-10-10 08:08:37,785:INFO:werkzeug:43.230.89.249 - - [10/Oct/2023 
08:08:37] "GET /login/ HTTP/1.1" 200 -
   ``` 
   
   ### Expected results
   
    can login success
   
   ### Actual results
   
   login failure ,remain on login page
   
   #### Screenshots
   
   
   
   
   ### Environment
   
   (please complete the following information):
   
   - browser type and version:
   - superset version: superset version
   - python version: 3.9.16
   - node.js version:  no node.js install
   - any feature flags active:
   
   ### Checklist
   
   Make sure to follow these steps before submitting your issue - thank you!
   
   - [ x ] I have checked the superset logs for python stacktraces and included 
it here as text if there are any.
   - [ x ] I have reproduced the issue with at least the latest released 
version of superset.
   - [ x ] I have checked the issue tracker for the same issue and I haven't 
found one similar.
   
   ### Additional context
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org
For additional commands, e-mail: notifications-h...@superset.apache.org

[I] when set WTF_CSRF_ENABLED = False , login to Superset still prompt: flask_wtf.csrf.CSRFError: "The CSRF session token is missing " [superset]

Reply via email to