MJ-06 commented on issue #40933: URL: https://github.com/apache/superset/issues/40933#issuecomment-4727042109
Thanks @sadpandajoe! Looking at `master`, it appears this has been addressed across two PRs by @richardfogaca: 1. **#40712** (merged Jun 5) — added `guest_token` to the streaming export form body 2. **#41004** (merged Jun 15) — skipped the CSRF token fetch for guest chart exports, since embedded guests can't reach `/api/v1/security/csrf_token/` and the CSRF await was blocking the export before the guest token could even be sent Note that #40712 alone was not sufficient — as #41004's description confirms, the CSRF fetch was still failing first for embedded sessions. The complete fix required both PRs. Neither fix is included in the 6.1.0 release (May 1). Is there a timeline for a patch release (6.1.1) or the next minor (6.2.0) that would pick these up? We're currently running 6.1.0 with `CSV_STREAMING_ROW_THRESHOLD = 0` as a workaround. If the fix is confirmed, this issue can be closed with a reference to both PRs. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
