GitHub user dosubot[bot] added a comment to the discussion: Can i embed list view superset in iframe?
<!-- Answer --> You can embed Superset's list views (like the dashboards, charts, or datasets list pages) in an iframe, but whether it works depends on your security configuration. Superset uses Flask-Talisman to set security headers, and by default, the Content Security Policy (CSP) may block embedding in iframes unless you explicitly allow it. To enable embedding, you need to set the `frame-ancestors` directive in your `TALISMAN_CONFIG` (in `superset_config.py`) to include the domain(s) where you want to embed Superset pages. There is no special restriction or exemption for list views—they follow the same CSP rules as other Superset pages. Authentication is still required for list views, so users will need to be logged in unless you have made those pages public, which is not typical for list views. The official embedding features and SDK are focused on dashboards, not list views, so you won't get features like guest tokens or standalone rendering for list pages. For more details, see the configu ration and security docs [here](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/config.py#L1636-L1674) and [here](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/initialization/__init__.py#L249-L684). <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/f8c20f6f-3fd8-4aab-831e-36e7bbbff4bc?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/f8c20f6f-3fd8-4aab-831e-36e7bbbff4bc?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/f8c20f6f-3fd8-4aab-831e-36e7bbbff4bc?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/f8c20f6f-3fd8-4aab-831e-36e7bbbff4bc?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/f8c20f6f-3fd8-4aab-831e-36e7bbbff4bc?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/f8c20f6f-3fd8-4aab-831e-36e7bbbff4bc?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/f8c20f6f-3fd8-4aab-831e-36e7bbbff4bc?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github) [](https://cursor.com/link/prompt?text=You%20can%20embed%20Superset%27s%20list%20views%20%28like%20the%20dashboards%2C%20charts%2C%20or%20datasets%20list%20pages%29%20in%20an%20iframe%2C%20but%20whether%20it%20works%20depends%20on%20your%20security%20configuration.%20Superset%20uses%20Flask-Talisman%20to%20set%20security%20headers%2C%20and%20by%20default%2C%20the%20Content%20Security%20Policy%20%28CSP%29%20may%20block%20embedding%20in%20iframes%20unless%20you%20explicitly%20allow%20it.%20To%20enable%20embedding%2C%20you%20need%20to%20set%20the%20%60frame-ancestors%60%20directive%20in%20your%20%60TALISMAN_CONFIG%60%20%28in%20%60superset_config.py%60%29%20to%20include%20the%20domain%28s%29%20where%20you%20want%20to%20embed%20Superset%20pages.%20There%20is%20no%20special%20restriction%20or%20 exemption%20for%20list%20views%E2%80%94they%20follow%20the%20same%20CSP%20rules%20as%20other%20Superset%20pages.%20Authentication%20is%20still%20required%20for%20list%20views%2C%20so%20users%20will%20need%20to%20be%20logged%20in%20unless%20you%20have%20made%20those%20pages%20public%2C%20which%20is%20not%20typical%20for%20list%20views.%20The%20official%20embedding%20features%20and%20SDK%20are%20focused%20on%20dashboards%2C%20not%20list%20views%2C%20so%20you%20won%27t%20get%20features%20like%20guest%20tokens%20or%20standalone%20rendering%20for%20list%20pages.%20For%20more%20details%2C%20see%20the%20configuration%20and%20security%20docs%20%20%0A%5Bhere%5D%28https%3A//github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/config.py%23L1636-L1674%29%20and%20%20%0A%5Bhere%5D%28https%3A//github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/initialization/__init__.py%23L249-L684%29.) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/37464) GitHub link: https://github.com/apache/superset/discussions/37464#discussioncomment-15613909 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
