robshep opened a new issue, #29954:
URL: https://github.com/apache/superset/issues/29954
### Bug description
Fresh 4.0.2 launched using:
```
export TAG=4.0.2-dev
docker compose -f docker-compose-image-tag.yml up
```
Needed to adjust some settings to get auth working for embedded
authentication:
namely
```
FEATURE_FLAGS = {"ALERT_REPORTS": True, "EMBEDDED_SUPERSET": True,
"THUMBNAILS": True, "THUMBNAILS_SQLA_LISTENERS": True,}
GUEST_ROLE_NAME = "Gamma"
GUEST_TOKEN_JWT_EXP_SECONDS = 3600
WTF_CSRF_EXEMPT_LIST = ['superset.security.api.guest_token',
"superset.views.core.log",
"superset.views.core.explore_json",
"superset.charts.data.api.data"
]
TALISMAN_DEV_CONFIG = {
"content_security_policy": {
"base-uri": ["'self'"],
"default-src": ["'self'"],
"img-src": [
"'self'",
"blob:",
"data:",
"https://apachesuperset.gateway.scarf.sh";,
"https://static.scarf.sh/";,
"https://avatars.slack-edge.com";,
],
"worker-src": ["'self'", "blob:"],
"connect-src": [
"'self'",
"https://api.mapbox.com";,
"https://events.mapbox.com";,
],
"object-src": "'none'",
"style-src": [
"'self'",
"'unsafe-inline'",
],
"script-src": ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
},
"content_security_policy_nonce_in": ["script-src"],
"force_https": False,
"session_cookie_secure": False,
"frame_options": "ALLOW-FROM",
"frame_options_allow_from": "*"
}
THUMBNAIL_CACHE_CONFIG = CACHE_CONFIG
```
But whilst the sample dashboard "births" loads for for admin in the normal
web application... the embedded view just shows the following messages.
### How to reproduce the bug
Fresh 4.0.2 launched using:
```
export TAG=4.0.2-dev
docker compose -f docker-compose-image-tag.yml up
```
### Screenshots/recordings
_No response_
### Superset version
4.0.2
### Python version
I don't know
### Node version
I don't know
### Browser
Chrome
### Additional context
_No response_
### Checklist
- [X] I have searched Superset docs and Slack and didn't find a solution to
my problem.
- [X] I have searched the GitHub issue tracker and didn't find a similar bug
report.
- [X] I have checked Superset's logs for errors and if I found a relevant
Python stacktrace, I included it here as text in the "additional context"
section.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
