Re: [I] /embedded endpoint has too strict frame policy when Talisman is enabled [superset]

Fri, 10 Jan 2025 12:09:44 -0800 


dosubot[bot] commented on issue #27292:
URL: https://github.com/apache/superset/issues/27292#issuecomment-2583940285

   <!-- Answer -->
   To apply the changes suggested by the @dosubot, you should modify the 
`superset/embedded/view.py` file to include the `@talisman` decorator with the 
desired configuration for the `/embedded` endpoint. This allows you to set more 
relaxed `X-Frame-Options` specifically for this endpoint.
   
   Additionally, to use an embedded dashboard with `TALISMAN_ENABLED` set to 
`True`, you can configure your `superset_config.py` file as follows:
   
   ```python
   TALISMAN_ENABLED = True
   TALISMAN_CONFIG = {
       "content_security_policy": {
           "frame-ancestors": ["*.my-domain.com", "*.another-domain.com"],
       }
   }
   HTTP_HEADERS = {
       'X-Frame-Options': 'ALLOWALL'
   }
   ```
   
   This configuration allows embedding the dashboard by specifying the domains 
in `frame-ancestors` where the dashboard is allowed to be embedded. Make sure 
to replace the domain names with your actual domains. After making these 
changes, restart Superset to apply the new configuration 
<sup>[[1]](https://github.com/apache/superset/issues/31434)</sup>.
   
   
   <!-- Dosu Comment Footer -->
   *To continue talking to [Dosu](https://dosu.dev), mention @dosu.*
   
   ---
   <sup>Help Dosu learn! Give it feedback: [Great 
Response](https://app.dosu.dev/response-feedback/257d91fc-03da-4320-bed2-d7266997edf8?feedback_type=great_response)
 | [Irrelevant 
Answer](https://app.dosu.dev/response-feedback/257d91fc-03da-4320-bed2-d7266997edf8?feedback_type=irrelevant_answer)
 | [Incorrect 
Sources](https://app.dosu.dev/response-feedback/257d91fc-03da-4320-bed2-d7266997edf8?feedback_type=incorrect_sources)
 | [Too 
Verbose](https://app.dosu.dev/response-feedback/257d91fc-03da-4320-bed2-d7266997edf8?feedback_type=too_verbose)
 | 
[Hallucination](https://app.dosu.dev/response-feedback/257d91fc-03da-4320-bed2-d7266997edf8?feedback_type=hallucination)
 | 
[Other](https://app.dosu.dev/response-feedback/257d91fc-03da-4320-bed2-d7266997edf8?feedback_type=other)</sup>
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to