Apache Superset Height of an embedded Dashbaord

Make sure these boxes are checked before submitting your issue - thank you!

[x] I have checked the superset logs for python stacktraces and included it here as text if any
[x] I have reproduced the issue with at least the latest released version of superset
[x] I have checked the issue tracker for the same issue and I haven't found one similar

When I am trying to embed a dashboard into a webpage using an iframe, I am not able to determine the height of the iframe so that it exactly matches the height of the dashboard to prevent a scrollbar from appearing inside the iframe without cropping it. The dashboard and web page that contains the iframe are NOT on the same domain. And, Chrome doesn't support the "x-frame-options=ALLOW FROM ..."

Am I missing something ? Or, is this a feature request ?

I have also found a workaround but that involves the dashboard sending a cross-domain message upon changing it's height.

I'm not sure if I'm the only one not able to figure this out or no one else is asking this.

Superset version

0.25.6

Expected results

Uncropped dashboard

Actual results

Cropped dashboard

Steps to reproduce

iframe code

javascript code

The 2 errors I get in the console are 1- Invalid 'X-Frame-Options' header encountered when loading 'http://127.0.0.1:8088/superset/dashboard/5/?standalone=true': 'ALLOW-FROM http://127.0.0.1' is not a recognized directive. The header will be ignored.

2- Uncaught DOMException: Blocked a frame with origin "http://127.0.0.1:8000" from accessing a cross-origin frame. at resizeIFrameToFitContent (http://127.0.0.1:8000/scenario/:23:46) at HTMLIFrameElement.onload (http://127.0.0.1:8000/scenario/:11:118) resizeIFrameToFitContent @ (index):23 onload @ (index):11

Comment From: paritoshjchandran

The good thing about this is that we do not have to reinvent the wheel, all we need to do is add a javascript file from an existing library that sends the cross-domain message.

For example - This one It simply needs one .js file to be placed in the dashboard HTML which sends the message.

Comment From: paritoshjchandran

Never mind, I have figured it out... If anyone else needs help with this, drop me a message...

Comment From: ajgil

Have you modified HTTP_HEADERS on Superset config.py?

HTTP_HEADERS = {'X-Frame-Options': 'ALLOWALL'}

Comment From: paritoshjchandran

@ajgil Since it is based on Flask, I edited the dashboard template to include code that sends a cross domain message which contains the size of the page whenever the size of the page is changed... That way, even the frame stays relatively secure... I hope this helps...

Comment From: joseph-luketelo

I have a question that might be out of topic,

How do I render a dashboard into an iframe while avoiding the need to login to superset? I cannot use public dashboards here, so all my dashboards are private. I need iframes which are somehow "pre-logged into" the relevant user

Comment From: pallaviMN

@paritoshjchandran , Request you to provide full solution on this issue, we too tried to embed super set demo dashboard in one of our client app, and superset demo is having a scroll 1) Whether IframeResizer file need to be placed under which directory i.e iframeResizer.contentWindow.min or iframeResizer.min and where the reference of this file should be embedded 2) In which file "" will be called and where to include script to call "iFrameResize({ log: false }, '#supersetDemo');"</p> <p><strong>Comment From: paritoshjchandran</strong></p> <p>Wow... It's been a while since I have solved this one...</p> <p>I think what I did was, use the library I've attached in my previous comment, enabled cross-domain messaging of size and then resize the iframe using the code I've written in the original issue...</p> <p>Coming to your first question, I used Django, so, I had a location from where my static files are loaded... I then used that on the page that had the iframe... Which is pretty straight forward, so, not sure if I understood the question properly...</p> <p>Coming to your next question, "which file" and "where to include" that really depends on what exactly you are doing, what exactly you want and what framework you are using for the client's web pages... For me, it is straight forward in Django...</p> <p>I hope that helps...</p> <p><strong>Comment From: pallaviMN</strong></p> <p>@paritoshjchandran I was able to include iframeResizer.js in Ruby framework html file where "iframe" is added and with src being apache super set demo dashboard . I tried to use iframe content window resize in the apache superset where they have react JS code, there i am failing to load iframe.contentwindow.min.js and sometimes it resizes only width where as chart height remains same</p> <p><strong>Comment From: paritoshjchandran</strong></p> <p>I do not know Ruby or React, so, I can't help you there... But, what's your console saying ??</p> <p><strong>Comment From: KnightWorker37</strong></p> <p>A bit old but if you look at the superset embed SDK's <a href="https://github.com/apache/superset/blob/master/superset-embedded-sdk/src/index.ts#L79"><code>embedDashboard</code></a> it returns a callback: <code>js // ... return { getScrollSize, unmount, getDashboardPermalink, getActiveTabs, }; }</code></p> <p>So you can call it to get the height: ```js useEffect(() => { embedDashboard().then(async (dashboard) => { const { width, height } = await dashboard.getScrollSize(); // proceed to use height in your page! }); })</p> </div></div> <div class="column-side column-left"></div> <div class="column-side column-right"> <div class="toc-content"></div></div> </div> </div> <footer class="module footer_minimal"> <p class="copyright">©2025 Aurora Blog All rights reserved</p> <div class="text-secondary">Unless otherwise stated, works are licensed under <a target="_blank" href="https://creativecommons.org/licenses/by-nc-nd/4.0/">Attribution-NonCommercial-NoDerivatives 4.0 International</a>.</div> </footer>. <script src="https://blog.aisem.top/themes/minimal/assets/lib/highlightjs@11.5.1/highlight.min.js"></script> <script src="https://blog.aisem.top/themes/minimal/assets/js/main.min.js"></script> </body> </html>