Bug description
Even passing the correct parameters, it still asks for CSRF token, looks like a bug
How to reproduce the bug
"errors": [ { "message": "400 Bad Request: The CSRF token is missing.", "error_type": "GENERIC_BACKEND_ERROR", "level": "error", "extra": { "issue_codes": [ { "code": 1011, "message": "Issue 1011 - Superset encountered an unexpected error.
Screenshots/recordings
No response
Superset version
4.0.2
Python version
3.9
Node version
16
Browser
Chrome
Additional context
No response
Checklist
- [X] I have searched Superset docs and Slack and didn't find a solution to my problem.
- [X] I have searched the GitHub issue tracker and didn't find a similar bug report.
- [X] I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.
Comment From: dosubot[bot]
@lsfc02 Hello! I'm here to assist you with any bugs, questions, or contributions. Let me know how I can help while we wait for a human maintainer.
To resolve the CSRF token error when updating a chart via the /api/v1/chart/{pk} endpoint in Superset version 4.0.2, you need to include a valid CSRF token in your request. You can obtain the CSRF token from the api/v1/security/csrf_token/ endpoint.
Here is an example of how you can include the CSRF token in your request using Python and the requests library:
```python
import requests

# URL to fetch the CSRF token
csrf_token_url = 'http://your-superset-instance/api/v1/security/csrf_token/'
# URL to update the chart
update_chart_url = 'http://your-superset-instance/api/v1/chart/{pk}'

# Fetch the CSRF token
response = requests.get(csrf_token_url)
csrf_token = response.json().get('result')

# Data to update the chart
data = {
    # your chart update data here
}

# Headers including the CSRF token
headers = {
    'Content-Type': 'application/json',
    'X-CSRFToken': csrf_token
}

# Make the request to update the chart
response = requests.put(update_chart_url, json=data, headers=headers, cookies=response.cookies)

# Check the response
if response.status_code == 200:
    print('Chart updated successfully')
else:
    print('Failed to update chart:', response.content)
```
Make sure to replace http://your-superset-instance with the actual URL of your Superset instance and {pk} with the primary key of the chart you want to update.
The CSRF token endpoint is protected and requires proper permissions, as indicated in the superset/security/api.py file. Ensure that your user has the necessary permissions to access this endpoint.
Additionally, the ChartRestApi class in superset/charts/api.py includes the @protect() decorator on the put method, which ensures that CSRF protection is enforced. This means that including the CSRF token in your request headers is mandatory for successful updates [1][2][3][4].
To continue talking to Dosu, mention @dosu.
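Added example, not part of the thread or of Superset's code: the fetch-then-update sequence from the comment above, run against a small local stub that mimics only the token-plus-session-cookie check. It shows the 400 from the bug report when the X-CSRFToken header is absent and a 200 when the token and the cookie come from the same session. The `bearer` value, the stub's token and cookie values, and the `slice_name` payload are assumptions.

```python
import json
import threading
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib import error, request

class StubSuperset(BaseHTTPRequestHandler):  # constructed stand-in, not Superset code
    def _send(self, code, body, cookie=None):
        self.send_response(code)
        if cookie:
            self.send_header("Set-Cookie", cookie)
        self.end_headers()
        self.wfile.write(json.dumps(body).encode())
    def do_GET(self):  # the token is issued together with a session cookie
        self._send(200, {"result": "tok-123"}, "session=s1; Path=/")
    def do_PUT(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        same_session = "session=s1" in (self.headers.get("Cookie") or "")
        if self.headers.get("X-CSRFToken") != "tok-123" or not same_session:
            return self._send(400, {"message": "400 Bad Request: The CSRF token is missing."})
        self._send(200, {"result": "updated"})

def update_chart(base, pk, payload, bearer, send_csrf=True):
    """PUT a chart; the token fetch and the update share one cookie jar."""
    opener = request.build_opener(request.ProxyHandler({}),  # ignore proxy env vars
                                  request.HTTPCookieProcessor(CookieJar()))
    headers = {"Authorization": f"Bearer {bearer}", "Content-Type": "application/json"}
    if send_csrf:
        req = request.Request(f"{base}/api/v1/security/csrf_token/", headers=headers)
        with opener.open(req) as resp:
            headers["X-CSRFToken"] = json.load(resp)["result"]
    req = request.Request(f"{base}/api/v1/chart/{pk}", method="PUT",
                          data=json.dumps(payload).encode(), headers=headers)
    try:
        with opener.open(req) as resp:
            return resp.status, json.load(resp)
    except error.HTTPError as err:  # 4xx/5xx: return the JSON error body
        return err.code, json.load(err)

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubSuperset)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    results = [update_chart(base, 1, {"slice_name": "x"}, "jwt-placeholder", csrf)
               for csrf in (False, True)]  # first without the token, then with it
    server.shutdown()
    return results

if __name__ == "__main__":
    print(demo())
```

Against a real instance, pass its base URL and a valid access token to `update_chart`; the cookie jar is what keeps the token and the session cookie paired.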
Comment From: mistercrunch
related: https://github.com/apache/superset/issues/19525
Comment From: rusackas
@lsfc02 are you still facing this issue (in 4.1.x or newer)? Do you think this is a duplicate of #19525?
Comment From: rusackas
This will be closed as inactive, if nobody's facing this issue any more, or if we can't validate it being present in a supported version. Any takers for validation/reproduction?