Re: [PR] fix(embedded): add guest token to streaming exports [superset]

Wed, 03 Jun 2026 10:10:49 -0700 


aminghadersohi commented on code in PR #40712:
URL: https://github.com/apache/superset/pull/40712#discussion_r3350479730


##########
superset-frontend/src/components/StreamingExportModal/useStreamingExport.test.ts:
##########
@@ -238,6 +242,32 @@ const createPrefixTestMockFetch = () =>
     },
   });
 
+test('chart streaming export includes guest token in form body when 
configured', async () => {
+  SupersetClient.getGuestToken.mockReturnValue('guest-token');
+  const mockFetch = createPrefixTestMockFetch();
+  global.fetch = mockFetch;
+
+  const { result } = renderHook(() => useStreamingExport());
+
+  act(() => {
+    result.current.startExport({
+      url: '/api/v1/chart/data',
+      payload: { datasource: '1__table', viz_type: 'table' },
+      exportType: 'csv',
+    });
+  });
+
+  await waitFor(() => {
+    expect(mockFetch).toHaveBeenCalledTimes(1);
+  });
+
+  const request = mockFetch.mock.calls[0][1];
+  expect(request.body.get('guest_token')).toBe('guest-token');
+  expect(request.body.get('form_data')).toBe(
+    JSON.stringify({ datasource: '1__table', viz_type: 'table' }),
+  );
+});

Review Comment:
   **NIT:** The new test covers the token-present path, but no test (new or 
existing) explicitly asserts that `guest_token` is **absent** from the form 
body when `getGuestToken()` returns `undefined`. `beforeEach` resets the mock 
to `undefined` so all prior tests implicitly run without a token, but none 
assert the absence. A companion test or a single added assertion (e.g. 
`expect(request.body.get('guest_token')).toBeNull()` in an existing 
chart-export test) would guard against accidental token injection in a future 
refactor and make the boundary explicit.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to