GitHub user LiamTorrelli added a comment to the discussion: Apache Superset 6.0: Migration from Iframe Embedding to the Embedded SDK (@superset-ui/embedded-sdk)
403 loops during iframe→SDK migration were permission holes on the guest role for me, not bad embed code. I tightened Public/Gamma for zero-trust and then had to grant permission names I'd never heard of — `can log on Superset`, `can time range on Api`, that kind of thing. Skip one and the iframe just spins or 403s with no useful error (#38185 is the v6 shape I hit). Treat the guest-token endpoint like auth infrastructure. Checklist, tests — not "flip EMBEDDED_SUPERSET and ship Friday." Longer version with six other ways embeds break (cookies, filters, theme flash, etc.): https://drafted.work/blog/superset-iframe-embedding-problems GitHub link: https://github.com/apache/superset/discussions/38461#discussioncomment-17393172 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
