GitHub user dosubot[bot] added a comment to the discussion: The issue regarding 
obtaining an Embedded Token

The CSRF token error happens because the `/api/v1/security/guest_token/` 
endpoint is protected by CSRF middleware, so POST requests must include a valid 
CSRF token in the headers. You can fetch the token by making a GET request to 
`/api/v1/security/csrf_token/` and then include it in your POST request headers 
as `X-CSRFToken` (or as a cookie, depending on your setup) 
[source](https://github.com/apache/superset/discussions/31465).

If you want to disable CSRF protection for this endpoint (for example, in 
API-based embedding scenarios), you can add its identifier to the 
`WTF_CSRF_EXEMPT_LIST` in your `superset_config.py` file. The identifier is 
likely `'superset.security.api.guest_token'` 
[source](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/config.py).
This will exempt the endpoint from CSRF checks, but be aware of the security
implications.

For most setups, the recommended approach is to fetch the CSRF token and 
include it in your request. Also, make sure the `Referer` header is set 
correctly if you're using HTTPS 
[source](https://github.com/apache/superset/discussions/31465).



GitHub link: 
https://github.com/apache/superset/discussions/35670#discussioncomment-14693470
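
The flow recommended in the comment above (GET the CSRF token, then POST to the guest token endpoint with `X-CSRFToken` and a matching `Referer`), as an added example that is not part of the original comment or of Superset's own code. Assumptions: the bearer access token has already been obtained, the CSRF endpoint replies with `{"result": ...}`, the guest token endpoint replies with `{"token": ...}`, and the payload fields and function names are illustrative.

```python
import json
import urllib.request
from http.cookiejar import CookieJar


def make_opener():
    """Opener with a cookie jar, so the session cookie set by the CSRF call
    is replayed on the POST (the CSRF token is bound to that session)."""
    return urllib.request.build_opener(
        urllib.request.HTTPCookieProcessor(CookieJar()))


def _call(opener, url, headers, body=None):
    """Send a JSON request through the shared opener and decode the reply."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(url, data=data, headers=headers,
                                 method="POST" if data else "GET")
    with opener.open(req, timeout=10) as resp:
        return json.load(resp)


def fetch_guest_token(opener, base_url, access_token, dashboard_id, username):
    """Return a guest token without exempting the endpoint from CSRF checks."""
    base = base_url.rstrip("/")
    auth = {"Authorization": f"Bearer {access_token}"}  # assumed: token from a prior login
    # Step 1: GET the CSRF token; the same response sets the session cookie.
    csrf = _call(opener, f"{base}/api/v1/security/csrf_token/", auth)["result"]
    # Step 2: POST with the token in X-CSRFToken and a same-origin Referer,
    # which the CSRF check compares against the host when served over HTTPS.
    headers = {**auth, "Content-Type": "application/json",
               "X-CSRFToken": csrf, "Referer": base + "/"}
    payload = {"user": {"username": username},
               "resources": [{"type": "dashboard", "id": dashboard_id}],
               "rls": []}
    reply = _call(opener, f"{base}/api/v1/security/guest_token/", headers, payload)
    return reply["token"]
```

Both calls must go through the same opener: a CSRF token fetched in one session and posted from another (no cookie jar, or a fresh one) fails the check even when the header is present.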
