GitHub user dosubot[bot] added a comment to the discussion: The issue regarding 
obtaining an Embedded Token

The error happens because Superset sets the `X-Frame-Options` header to 
`sameorigin`, which blocks embedding in an iframe from a different origin. To 
allow embedding, update your `superset_config.py` to configure the Content 
Security Policy (CSP) with the `frame-ancestors` directive, listing the domains 
allowed to embed Superset. For example:

```python
TALISMAN_ENABLED = True
TALISMAN_CONFIG = {
    "content_security_policy": {
        "frame-ancestors": ["your-embedding-domain.com"],
    }
}
```
You can also override headers directly with `OVERRIDE_HTTP_HEADERS` if needed. 
After making these changes, restart Superset for them to take effect. Be aware 
that allowing cross-origin embedding can expose your dashboards to clickjacking 
and other risks—only allow trusted domains. For more details, see [this 
thread](https://github.com/apache/superset/issues/31434).

If you still have issues, check that your dashboard is published, the embedding 
domain is listed in `allowed_domains`, and review CORS and referrer policy 
settings as described 
[here](https://github.com/apache/superset/discussions/33912).


GitHub link: 
https://github.com/apache/superset/discussions/35670#discussioncomment-14694578
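
A way to check the effect of the header change described in the comment above, as an added example that is not part of the comment or of Superset's code: it models how a browser decides whether an origin may frame a response, with the CSP `frame-ancestors` directive taking precedence over `X-Frame-Options`. The origin `superset.example.com` and both header sets are constructed samples; source matching is simplified and only the direct embedder is checked.

```python
from urllib.parse import urlsplit
DEFAULT_PORTS = {"http": 80, "https": 443}

def _origin(url):  # (scheme, host, port) with the scheme's default port filled in
    u = urlsplit(url)
    return u.scheme, u.hostname or "", u.port or DEFAULT_PORTS.get(u.scheme)

def frame_ancestors(csp):
    """Source list of the first frame-ancestors directive, or None if absent."""
    for directive in (csp or "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None

def source_matches(source, embedder, self_url):
    """Simplified host-source matching: no scheme-sources, IPv6 literals or
    paths; a source without a scheme accepts http and https alike."""
    src = source.lower()
    scheme, host, port = _origin(embedder)
    if src in ("'none'", "*"):
        return src == "*"
    if src == "'self'":
        return (scheme, host, port) == _origin(self_url)
    s_scheme, _, hostport = src.rpartition("://")
    s_host, _, s_port = hostport.partition(":")
    if s_scheme and s_scheme != scheme:
        return False
    if s_port != "*" and (int(s_port) if s_port else DEFAULT_PORTS.get(scheme)) != port:
        return False
    if s_host.startswith("*."):  # wildcard covers subdomains only, not the apex
        return host.endswith(s_host[1:])
    return host == s_host

def may_embed(headers, embedder, self_url):
    """Would a browser let `embedder` frame a response carrying `headers`?"""
    h = {k.lower(): v for k, v in headers.items()}
    sources = frame_ancestors(h.get("content-security-policy"))
    if sources is not None:  # frame-ancestors present: X-Frame-Options is ignored
        return any(source_matches(s, embedder, self_url) for s in sources)
    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo == "sameorigin":
        return source_matches("'self'", embedder, self_url)
    return xfo != "deny"

# Constructed sample headers: before and after the TALISMAN_CONFIG change.
SUPERSET = "https://superset.example.com"  # hypothetical Superset origin
BEFORE = {"X-Frame-Options": "SAMEORIGIN"}
AFTER = {**BEFORE, "Content-Security-Policy": "frame-ancestors your-embedding-domain.com"}
```

With the `AFTER` headers, `may_embed(AFTER, SUPERSET, SUPERSET)` is false: once `frame-ancestors` is sent without `'self'`, Superset's own origin can no longer frame the page, because `X-Frame-Options: SAMEORIGIN` is no longer consulted.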
