GitHub user dosubot[bot] added a comment to the discussion: 400 Bad Request: The CSRF session token is missing.
To resolve the "400 Bad Request: The CSRF session token is missing" error in Apache Superset, ensure the following:

1. **Headers Configuration**: Make sure that all required headers are present, including the CSRF token and the Referer header. The Referer header must be properly set for HTTPS requests.
2. **CSRF Token Implementation**: Verify that the CSRF token is being correctly fetched from `/api/v1/security/csrf_token/` and ensure that the token is properly included in the request headers <sup>[[1]](https://github.com/apache/superset/discussions/31465)</sup>.

Additionally, there are similar threads discussing this issue. One suggested solution is to adjust the session cookie settings in `superset/config.py`:

- Set `SESSION_COOKIE_SAMESITE = None` to address the CSRF token issue when embedding Superset in an iframe.
- If using HTTPS, ensure `SESSION_COOKIE_SAMESITE = "None"` and `SESSION_COOKIE_SECURE = True`.
- If not using HTTPS, set `SESSION_COOKIE_SAMESITE = None`, `SESSION_COOKIE_SECURE = False`, and `SESSION_COOKIE_HTTPONLY = False` <sup>[[2]](https://github.com/apache/superset/issues/8382)</sup>.

*To continue talking to [Dosu](https://dosu.dev), mention @dosu.*

GitHub link: https://github.com/apache/superset/discussions/32815#discussioncomment-12599502
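A minimal client for the token flow the comment describes, added here as an example (it is not from the comment or from the Superset project). It assumes Superset's documented `/api/v1/security/login` endpoint, the `{"result": ...}` shape of the `/api/v1/security/csrf_token/` response, and the `X-CSRFToken` header name that Flask-WTF's CSRF protection reads.

```python
"""CSRF token flow for Superset's REST API (added example; assumes the
documented login/csrf_token endpoints and the X-CSRFToken header)."""
import json
import urllib.request
from http.cookiejar import CookieJar


def make_opener():
    # Flask-WTF compares the submitted token with one stored in the server-side
    # session, so the session cookie set while fetching the token must travel
    # with the later request; a client that drops cookies between the two
    # calls gets exactly "The CSRF session token is missing".
    return urllib.request.build_opener(urllib.request.HTTPCookieProcessor(CookieJar()))


def parse_csrf_response(body):
    """Pull the token out of the csrf_token endpoint's JSON body."""
    token = json.loads(body).get("result")
    if not token:
        raise ValueError("csrf_token response has no 'result' field")
    return token


def build_headers(base_url, csrf_token, access_token):
    """Headers for a state-changing call: CSRF token, a same-origin Referer
    (Flask-WTF checks it on HTTPS requests) and the JWT from login."""
    return {
        "Content-Type": "application/json",
        "X-CSRFToken": csrf_token,
        "Referer": base_url.rstrip("/") + "/",
        "Authorization": f"Bearer {access_token}",
    }


def login(base_url, username, password, opener):
    """POST the db-provider login and return the access token."""
    body = json.dumps({"username": username, "password": password,
                       "provider": "db", "refresh": True}).encode()
    req = urllib.request.Request(base_url.rstrip("/") + "/api/v1/security/login",
                                 data=body, headers={"Content-Type": "application/json"})
    with opener.open(req) as resp:
        return json.loads(resp.read())["access_token"]


def fetch_csrf_token(base_url, access_token, opener):
    """GET the CSRF token through the cookie-aware opener."""
    req = urllib.request.Request(base_url.rstrip("/") + "/api/v1/security/csrf_token/",
                                 headers={"Authorization": f"Bearer {access_token}"})
    with opener.open(req) as resp:
        return parse_csrf_response(resp.read().decode())
```

With `opener = make_opener()`, call `login`, then `fetch_csrf_token`, then send the write request through the same opener with `build_headers(...)`.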