dosubot[bot] commented on issue #37119: URL: https://github.com/apache/superset/issues/37119#issuecomment-3748116043
Hi @arthurworkspace! I'm [Dosu](https://go.dosu.dev/dosubot) and I'm helping the superset team.

The 403 Forbidden error on /api/v1/me/roles/ when embedding dashboards in Superset 6.0.0 is usually caused by stricter authentication and permission checks introduced in this version. The endpoint now requires a valid JWT guest token with the correct claims, and the embedding setup must be properly configured. Common causes include: missing or misconfigured guest token (wrong dashboard id/uuid, secret, audience, or expired token), dashboard not published or not enabled for embedding, missing allowed_domains for your embedding domain, or CORS/X-Frame-Options misconfiguration. Also, the dashboardId must be present in all form_data sent to the backend, and any row-level security rules should be reviewed for misconfiguration.

Recent fixes (see [PR #31274](https://github.com/apache/superset/pull/31274) and [PR #36410](https://github.com/apache/superset/pull/36410)) ensure /api/v1/me/roles/ works with JWT tokens, but your token and embedding config must be correct for access to succeed. For a full checklist and troubleshooting steps, see [this discussion](https://github.com/apache/superset/discussions/33912) and [this issue](https://github.com/apache/superset/issues/33902).

*To reply, just mention [@dosu](https://go.dosu.dev/dosubot).*

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
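
The token-side causes named in the comment above (wrong dashboard id/uuid, secret, audience, or expired token) can be checked offline before looking at the embedding configuration. The following is an added example, not part of the original comment and not Superset's own code; it assumes an HS256-signed guest token whose payload carries `aud`, `exp` and a `resources` list of `{type, id}` entries, and the secret, audience and UUID are constructed values.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample values, not taken from the issue.
SECRET, AUD, DASH = "example-secret", "superset", "11111111-2222-3333-4444-555555555555"

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims, secret):
    """Build a sample token (stands in for the backend that mints guest tokens)."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def diagnose(token, secret, audience, dashboard_uuid, now=None):
    """Return the reasons a token would be rejected; an empty list means it passes."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_b64d(head)), json.loads(_b64d(body))
        given = _b64d(sig)
    except (ValueError, TypeError):
        return ["malformed token"]
    problems = []
    if header.get("alg") != "HS256":
        problems.append("unexpected alg")
    want = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, given):  # constant-time comparison
        problems.append("bad signature (wrong secret)")
    if claims.get("exp", 0) <= now:
        problems.append("expired")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append("audience mismatch")
    ids = [r.get("id") for r in claims.get("resources", []) if r.get("type") == "dashboard"]
    if dashboard_uuid not in ids:
        problems.append("dashboard not in resources")
    return problems
```

An empty result means the token itself is sound, which points the 403 at the remaining items in the comment: publication and embedding settings, allowed_domains, or CORS/X-Frame-Options.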
