GitHub user dosubot[bot] added a comment to the discussion: Superset 6.0 Embedded Dashboard: /api/v1/me/roles/ API returns 403 Forbidden
Hi @arthurworkspace! I'm [Dosu](https://go.dosu.dev/dosubot) and I'm helping the superset team.

The 403 Forbidden error on /api/v1/me/roles/ when embedding dashboards in Superset 6.0.0 is usually caused by stricter authentication and permission checks introduced in this version. The endpoint now requires a valid JWT guest token with the correct claims, and the embedding setup must be properly configured. Common causes include: missing or misconfigured guest token (wrong dashboard id/uuid, secret, audience, or expired token), dashboard not published or not enabled for embedding, missing allowed_domains for your embedding domain, or CORS/X-Frame-Options misconfiguration. Also, the dashboardId must be present in all form_data sent to the backend, and any row-level security rules should be reviewed for misconfiguration.

Recent fixes (see [PR #31274](https://github.com/apache/superset/pull/31274) and [PR #36410](https://github.com/apache/superset/pull/36410)) ensure /api/v1/me/roles/ works with JWT tokens, but your token and embedding config must be correct for access to succeed. For a full checklist and troubleshooting steps, see [this discussion](https://github.com/apache/superset/discussions/33912) and [this issue](https://github.com/apache/superset/issues/33902).

GitHub link: https://github.com/apache/superset/discussions/37406#discussioncomment-15584978
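
An added example, not part of the comment above and not Superset's own code: a standard-library Python diagnostic for the guest-token causes the comment lists (secret, audience, expiry, dashboard id). The HS256 algorithm, the claim layout (`aud`, `exp`, `resources` entries carrying `type` and `id`), the function names and every sample value are assumptions; compare them with your own deployment's configuration.

```python
import base64, hashlib, hmac, json, time

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(payload, secret):
    """Build a constructed HS256 token, used only for the sample run."""
    head = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256)
    return f"{head}.{body}.{_b64url_encode(sig.digest())}"

def diagnose_guest_token(token, secret, audience, dashboard_uuid, now=None):
    """Return every problem found; an empty list means all checks passed.
    Run it server-side, where the signing secret already lives."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(head_b64))
        claims = json.loads(_b64url_decode(body_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, TypeError):
        return ["malformed token"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["malformed token"]
    problems = []
    if header.get("alg") != "HS256":  # assumed algorithm
        problems.append("unexpected alg")
    good = hmac.new(secret.encode(), f"{head_b64}.{body_b64}".encode(), hashlib.sha256)
    if not hmac.compare_digest(sig, good.digest()):
        problems.append("bad signature (secret mismatch)")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("expired")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append("audience mismatch")
    ids = [r.get("id") for r in claims.get("resources", [])
           if isinstance(r, dict) and r.get("type") == "dashboard"]
    if dashboard_uuid not in ids:
        problems.append("dashboard not in resources")
    return problems

if __name__ == "__main__":
    uuid = "00000000-0000-0000-0000-000000000001"  # constructed placeholder
    claims = {"aud": "superset", "exp": time.time() - 60,  # already expired
              "resources": [{"type": "dashboard", "id": uuid}]}
    token = sign_hs256(claims, "constructed-secret")
    print(diagnose_guest_token(token, "constructed-secret", "superset", uuid))
```
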
