Bug description

const SupersetDashboard = ({ dashboardId }: any) => { useEffect(() => { const mountPoint = document.getElementById('superset-container'); if (!mountPoint) return; embedDashboard({ id: dashboardId, supersetDomain: SUPERSET_DOMAIN, mountPoint, fetchGuestToken: () => getToken(dashboardId), dashboardUiConfig: { // hideTitle: true, // hideTab:true filters: { expanded: false, }, // urlParams: { // standalone: 3, // here you can add the url_params and there values // }, }, }); var iframe = document.querySelector('iframe'); if (iframe) { iframe.style.width = '100%'; // Set the width of the iframe iframe.style.minHeight = '85vh'; // Set the height of the iframe iframe.style.border = 'none'; } }, []);

return

; };

export default SupersetDashboard; here is the function that implementing this superset npm module.

Screenshots/recordings

No response

Superset version

master / latest-dev

Python version

3.9

Node version

16

Browser

Chrome

Additional context

No response

Checklist

  • [x] I have searched Superset docs and Slack and didn't find a solution to my problem.
  • [x] I have searched the GitHub issue tracker and didn't find a similar bug report.
  • [ ] I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.

Comment From: rajuw892

Image this what i'm getting

Comment From: dosubot[bot]

Hey @rajuw892! I'm here to help you with any issues you're facing. I can assist with bug fixes, answer questions, and even guide you on becoming a contributor. Let me know how I can assist you!

The issue you're experiencing with Superset pages being flagged as malicious on Chrome is likely related to Scarf telemetry requests. To resolve this, you can disable the Scarf gateway telemetry by setting the SCARF_ANALYTICS environment variable to false in your deployment configuration. This should prevent the telemetry requests that are causing the security warnings. If you want to keep telemetry functionality, you can adjust your network settings to allow the tracking pixel. After making these changes, you should request a Google security review to clear the dangerous site warnings [1][2].

To continue talking to Dosu, mention @dosu.

Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Other

Comment From: rajuw892

@dosu Can you please specify , i have to put this in my environment variable and where to change in code ?, i'm using docker and nginx to host my website

Comment From: dosubot[bot]

To disable the Scarf telemetry in your Docker and Nginx setup, you need to set the SCARF_ANALYTICS environment variable to false. You can do this by modifying the docker/.env file. Add or update the following line in the file:

SCARF_ANALYTICS=false

This change will apply to all Docker images used by docker compose and will disable the Scarf telemetry pixel [1][2].

To continue talking to Dosu, mention @dosu.

Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Other

Comment From: rajuw892

understood but by only putting this in .env will solve the problem ? @dosu

Comment From: dosubot[bot]

Yes, setting SCARF_ANALYTICS=false in the .env file will solve the problem of Superset pages being flagged as malicious on Chrome. This action disables the Scarf gateway telemetry that is causing the security warnings. Make sure this environment variable is set in your deployment configuration if you are using official registry containers with a precompiled frontend [1].

To continue talking to Dosu, mention @dosu.

Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Other

Comment From: rajuw892

but in emmeded npm module where SCARF_ANALYTICS is being used ? @dosu

Comment From: dosubot[bot]

In the embedded npm module, the SCARF_ANALYTICS environment variable is used in the TelemetryPixel.test.tsx file. It determines whether a telemetry pixel link should be rendered. When SCARF_ANALYTICS is set to 'true', the test checks for the presence of an image with a source containing "scarf.sh". Conversely, when set to 'false', the test ensures that such an image is not present [1].

To continue talking to Dosu, mention @dosu.

Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Other

Comment From: rusackas

Are we sure it's Scarf causing the issue? Can you expand on what's under the "show details" on the warning?

Comment From: kakoni

If 1) PLAYWRIGHT_REPORTS_AND_THUMBNAILS is enabled 2) Superset worker container has limited/restricted access to outside world/Internet

Then => You will get timeout error when worker tries to do a screenshot for report. This is caused by the TelemetryPixel, because chromium cannot access apachesuperset.gateway.scarf.sh correctly.

Comment From: msyavuz

Closing this as we don't seem to have much activity around. If anyone wants to give it a go to reproduce and potentially fix this feel free to reopen, thanks!