[I] Apache Superset 6.0 - Embedded Dashboard [superset]

Thu, 22 Jan 2026 03:39:28 -0800 


ypandey-fluidata opened a new issue, #37364:
URL: https://github.com/apache/superset/issues/37364

   ### Bug description
   
   Bug description
   I am trying to embed my superset dashboard on a low code platform like 
(softr etc.) in a custom code block--
   Code:
   
   <script> async function fetchGuestTokenFromBackend(filter_value) { const 
response = await 
fetch(`http://test-studio-api.co/guest-token-rls?filter_value=${filter_value}`, 
options); const data = await response.json(); return data.token; } 
supersetEmbeddedSdk.embedDashboard({ id: '0837fd-38a-4d61-8f6b-0e605906f4', 
supersetDomain: 'https://test.studio.co', mountPoint: 
document.getElementById('superset-container'), fetchGuestToken: () => 
fetchGuestTokenFromBackend(window.logged_in_user.softr_user_email), 
dashboardUiConfig: { hideTitle: true, hideChartControls: true, }, }); const 
timestamp = Date.now() const dateObj = new Date(timestamp); 
last_refresh_time_obj = document.getElementById('last-refresh-timestamp') 
last_refresh_time_obj.innerHTML = `Last Updated: ${dateObj.toLocaleString()}` 
function refreshDashboard() { history.pushState({}, "", 
window.location.pathname); window.location.reload(); } </script>
   But we are facing issue with the code being visible through page inspect 
option the whole code is visible on frontend. Now i am concerned about the 
security aspect of exposing my full superset to the low
   code app user.
   
   ### Screenshots/recordings
   
   _No response_
   
   ### Superset version
   
   master / latest-dev
   
   ### Python version
   
   3.9
   
   ### Node version
   
   16
   
   ### Browser
   
   Chrome
   
   ### Additional context
   
   _No response_
   
   ### Checklist
   
   - [x] I have searched Superset docs and Slack and didn't find a solution to 
my problem.
   - [x] I have searched the GitHub issue tracker and didn't find a similar bug 
report.
   - [x] I have checked Superset's logs for errors and if I found a relevant 
Python stacktrace, I included it here as text in the "additional context" 
section.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to