dosubot[bot] commented on issue #33814: URL: https://github.com/apache/superset/issues/33814#issuecomment-2983618387
Hi @oleksii-revutskyi! I'm [Dosu](https://go.dosu.dev/dosubot) and I’m helping the superset team.

This issue is often caused by proxy or cookie misconfiguration when running Superset behind a proxy or in Docker. Here are the most relevant things to check:

- Make sure you have `ENABLE_PROXY_FIX = True` in your Superset config. This is crucial for correct CSRF and session handling behind a proxy or load balancer, as it ensures Superset interprets X-Forwarded headers properly [(source)](https://github.com/apache/superset/discussions/31584).
- Set `SESSION_COOKIE_SECURE = True` if you are using HTTPS everywhere, or `False` if you are only using HTTP internally. If this is set incorrectly, cookies (including CSRF tokens) may not be sent or accepted by the browser [(source)](https://github.com/apache/superset/discussions/31584).
- Double-check your browser and proxy settings for cookie handling, especially SameSite and Secure flags. If your proxy terminates SSL, make sure it forwards the correct headers and doesn't strip cookies.
- If you want to disable CSRF for testing, ensure `WTF_CSRF_ENABLED = False` is set in the correct config file and is actually being picked up by the running container. Sometimes config changes are not picked up due to Docker caching or mounting issues [(source)](https://github.com/apache/superset/blob/a1cbd2578e24ed6c72024e1d1cf195846ace05d7/superset/config.py).
- If you want to troubleshoot further, you can obtain the CSRF token programmatically using Superset’s API endpoint (search for "csrf" in the API docs) to see if the token is being generated and sent correctly [(source)](https://github.com/apache/superset/issues/32315).

If you’re still seeing the issue after these checks, please share your Superset config (with secrets redacted) and details about your proxy setup.

This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
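The Secure and SameSite failure modes mentioned in the comment above can be checked against a `Set-Cookie` header copied from the browser's network tab. This is an added example, not part of the original comment or of Superset's code; the function name `session_cookie_problems` and the sample headers are constructed for illustration, and the rules are a simplification of Chromium-style cookie handling.

```python
from http.cookies import SimpleCookie


def session_cookie_problems(set_cookie, browser_scheme, cross_site=False):
    """Return the reasons a browser would reject or withhold a cookie.

    set_cookie     -- value of one Set-Cookie response header
    browser_scheme -- "http" or "https", as shown in the browser's address bar
    cross_site     -- True if Superset is embedded in or called from another site
    (hypothetical helper; all parameter names are assumptions of this example)
    """
    jar = SimpleCookie()
    jar.load(set_cookie)
    problems = []
    for name, morsel in jar.items():
        secure = bool(morsel["secure"])
        # Chromium-based browsers treat a missing SameSite attribute as Lax.
        samesite = (morsel["samesite"] or "Lax").lower()

        # SESSION_COOKIE_SECURE = True while users reach Superset over HTTP.
        if secure and browser_scheme == "http":
            problems.append(f"{name}: Secure cookie on a plain-HTTP page is rejected")
        # SameSite=None is only accepted together with the Secure flag.
        if samesite == "none" and not secure:
            problems.append(f"{name}: SameSite=None without Secure is rejected")
        # CSRF-protected requests are POSTs, which Lax/Strict cookies skip cross-site.
        if cross_site and samesite in ("lax", "strict"):
            problems.append(f"{name}: SameSite={samesite} is withheld on cross-site POSTs")
    return problems


if __name__ == "__main__":
    # Constructed sample headers, not captured from a real deployment.
    samples = [
        ("session=abc123; Secure; HttpOnly; Path=/; SameSite=Lax", "http", False),
        ("session=abc123; Secure; HttpOnly; Path=/; SameSite=Lax", "https", False),
        ("session=abc123; HttpOnly; Path=/; SameSite=None", "https", True),
    ]
    for header, scheme, cross in samples:
        print(scheme, cross, session_cookie_problems(header, scheme, cross) or "ok")
```

An empty result means the cookie attributes are consistent with the scheme the browser uses; it does not confirm that the proxy forwards the `X-Forwarded-*` headers correctly.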
