dosubot[bot] commented on issue #37700: URL: https://github.com/apache/superset/issues/37700#issuecomment-3853616416
This is a known technical gap in Superset 6.0.0. Most user-facing views have been migrated to the React SPA and use render_app_template, but some legacy views—like the password reset forms—still use Flask-AppBuilder’s server-side render_template, which is why they remain accessible and render with the old SSR FAB UI when accessed directly by URL. This is due to the ongoing, incomplete migration from FAB to the new frontend architecture and is considered technical debt, not a bug or intentional feature. There’s currently no config or extension point to change this behavior; it requires backend/frontend code changes to fully migrate or restrict these views. Until the migration is complete, these legacy routes will remain accessible and SSR-rendered if hit directly by URL. For now, you can restrict access at the web server or with a Flask before_request hook if you need to block them in your deployment.

[Reference](https://github.com/apache/superset/issues/32785)

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at: [email protected]
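
A sketch of the `before_request` mitigation mentioned in the comment above, added here as an example; it is not part of the bot's reply or of Superset's code. The two path prefixes are assumed to be Flask-AppBuilder's default route bases for its password-reset form views (confirm them against `app.url_map` in your deployment), and `install_legacy_route_block` is a hypothetical helper name.

```python
import posixpath
from urllib.parse import unquote

# Assumed prefixes: Flask-AppBuilder's default route bases for its
# password-reset form views. Confirm against app.url_map before relying on them.
BLOCKED_PREFIXES = ("/resetmypassword", "/resetpassword")


def normalize(path: str) -> str:
    """Canonicalise a request path so trivial variants still hit the deny list."""
    path = unquote(path)                                   # decode %xx escapes
    path = posixpath.normpath("/" + path.lstrip("/"))      # collapse //, ./, ../
    return path.lower()                                    # deny list errs toward over-matching


def is_blocked(path: str, prefixes=BLOCKED_PREFIXES) -> bool:
    """True if the path equals a blocked prefix or lies beneath one."""
    p = normalize(path)
    # Match whole path segments only, so "/resetpasswordx" is not caught.
    return any(p == pre or p.startswith(pre + "/") for pre in prefixes)


def install_legacy_route_block(app, prefixes=BLOCKED_PREFIXES):
    """Register a before_request hook on a Flask app (hypothetical helper)."""
    from flask import abort, request  # local import: the matcher works without Flask

    @app.before_request
    def _deny_legacy_fab_views():
        if is_blocked(request.path, prefixes):
            abort(404)  # same response as a route that does not exist

    return app
```

The hook runs before routing to any view, so the SSR forms never render; blocking the same prefixes at the reverse proxy gives a second layer that does not depend on application code.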
