Bug description

Summary

The "Embed dashboard" option does not appear in the dashboard menu, even after enabling all necessary configuration flags.
Using Superset 5.0.0rc2 via Docker (apache/superset:5.0.0rc2), with a dashboard created and published, but the embed menu is missing.

Superset version / env

  • Superset version: 5.0.0-rc2 (apache/superset:5.0.0rc2)
  • Deployment: Docker (custom image)
  • Feature flags enabled: ```config.py

EMBEDDED_SUPERSET= True GUEST_TOKEN= True, FEATURE_FLAGS = { "EMBEDDED_SUPERSET": True "GUEST_TOKEN": True, }

Steps to reproduce

Enable EMBEDDED_SUPERSET and GUEST_TOKEN in config.py

  1. Run superset init and restart the container
  2. Create and publish a dashboard
  3. Open the dashboard view or list page
  4. Check for "Embed dashboard" option in the dropdown menu

Expected result

"Embed dashboard" option should appear in the dashboard action menu (to allow generating embed code or guest token preview)

Actual result

The embed option is missing from the dashboard menu, even though:

  • The dashboard is published
  • All required feature flags are enabled
  • The user has admin permissions

Additional context

Tested with both Chrome and Firefox. Also tried clearing browser cache, restarting containe. No errors appear in logs related to feature flags or menu rendering.

Request

Please confirm if any additional configuration or permission changes are required in Superset 5.0.0rc2 for the "Embed dashboard" option to appear

Screenshots/recordings

No response

Superset version

apache/superset:5.0.0rc2

Browser

Chrome

Additional context

No response

Checklist

  • [ ] I have searched Superset docs and Slack and didn't find a solution to my problem.
  • [ ] I have searched the GitHub issue tracker and didn't find a similar bug report.
  • [ ] I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.

Comment From: dosubot[bot]

The "Embed dashboard" option only appears if both the EMBEDDED_SUPERSET feature flag is enabled and the user has the can_set_embedded permission on the Dashboard. Even with admin rights, this permission may not be present by default in all roles or custom configurations. The menu item is also only visible when not in edit mode. The GUEST_TOKEN flag is not required for the menu to show—it is used for authentication flows, not UI visibility.

To resolve this, check that your user or role has the can_set_embedded permission for the Dashboard model. You can do this in Security > List Roles, then edit your role and ensure can_set_embedded under the Dashboard permissions is enabled. Once this is set and EMBEDDED_SUPERSET is true, the option should appear in the dashboard menu when not in edit mode
(source, source).

To reply, just mention @dosu.

How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other  Join Discord Share on X

Comment From: chandug1991

Thank you for your response.

Yes, I have logged in as an Admin user with the Admin role, and the Admin role has all permissions, including can_set_embedded on the Dashboard. Also, EMBEDDED_SUPERSET = True is already set in the config.py file. Still, the "Embed dashboard" option is not appearing in the dashboard menu (outside of edit mode).

Below is the screenshot for your reference,

Image

Comment From: dosubot[bot]

Given your setup, the "Embed dashboard" option should appear if both the EMBEDDED_SUPERSET feature flag is enabled and your role has the can_set_embedded permission on the Dashboard. Since you've confirmed both, here are a few things to check next:

  1. Make sure the feature flag is actually active in the frontend. Open your browser's developer console and run window.featureFlags—you should see EMBEDDED_SUPERSET: true in the output. If not, the frontend may not be picking up your config changes, which can happen if the container wasn't fully rebuilt or the config file isn't mounted correctly [source].

  2. The "Embed dashboard" menu item only shows up when not in edit mode and when the dashboard header is visible. If you are using any embedding or URL parameters that hide the dashboard header (like hideTitle), the menu won't appear [source].

  3. If you have customized roles or permissions, double-check that your user is not missing any other required permissions and that there are no conflicting settings.

If all of the above look correct and the option is still missing, there may be a frontend caching or initialization issue. Try a hard refresh (Ctrl+Shift+R), or clear your browser cache and restart the container again. If the problem persists, it could be a rare regression in this release, but there are no known issues matching this in 5.0.0rc2.

Let me know what you find in the window.featureFlags output or if you see anything unusual in the browser console.

To reply, just mention @dosu.

How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other  Join Discord Share on X

Comment From: chandug1991

Looks like i am getting "EMBEDDED_SUPERSET": false, even though i am updating the config.py file. Could you please guide me why config.py is not considering in docker

below is my

docker-compose.yaml,

version: '3.7'

services: supersetV5: build: context: . dockerfile: Dockerfile # Custom Dockerfile to install extra Python packages image: custom-superset:5.0.0rc2 container_name: supersetV5 environment: - SUPERSET_SECRET_KEY=CS5d0wf69nGigVQ24 ports: - "8089:8088" command: > sh -c " superset db upgrade && if [ ! -f /app/superset_home/.admin_created ]; then superset fab create-admin --username admin --firstname Superset --lastname Admin --email admin@superset.com --password admin && touch /app/superset_home/.admin_created; fi && superset init && superset run -h 0.0.0.0 -p 8088 --with-threads --reload " volumes: - ./superset_data:/app/superset_home - ./superset_config/config.py:/app/superset/config.py networks: - superset-network

networks: superset-network: external: true driver: bridge attachable: true

config.py,

DEFAULT_FEATURE_FLAGS: dict[str, bool] = { # Experimental feature introducing a client (browser) cache "CLIENT_CACHE": False, # deprecated "DISABLE_DATASET_SOURCE_EDIT": False, # deprecated # When using a recent version of Druid that supports JOINs turn this on "DRUID_JOINS": False, "DYNAMIC_PLUGINS": False, # With Superset 2.0, we are updating the default so that the legacy datasource # editor no longer shows. Currently this is set to false so that the editor # option does show, but we will be depreciating it. "DISABLE_LEGACY_DATASOURCE_EDITOR": True, # For some security concerns, you may need to enforce CSRF protection on # all query request to explore_json endpoint. In Superset, we use # flask-csrf <https://sjl.bitbucket.io/flask-csrf/> add csrf protection # for all POST requests, but this protection doesn't apply to GET method. # When ENABLE_EXPLORE_JSON_CSRF_PROTECTION is set to true, your users cannot # make GET request to explore_json. explore_json accepts both GET and POST request. # See PR 7935 <https://github.com/apache/superset/pull/7935> for more details. "ENABLE_EXPLORE_JSON_CSRF_PROTECTION": False, # deprecated "ENABLE_TEMPLATE_PROCESSING": True, "ENABLE_TEMPLATE_REMOVE_FILTERS": True, # deprecated # Allow for javascript controls components # this enables programmers to customize certain charts (like the # geospatial ones) by inputting javascript in controls. This exposes # an XSS security vulnerability "ENABLE_JAVASCRIPT_CONTROLS": True, "KV_STORE": False, # When this feature is enabled, nested types in Presto will be # expanded into extra columns and/or arrays. This is experimental, # and doesn't work with all nested types. "PRESTO_EXPAND_DATA": False, # Exposes API endpoint to compute thumbnails "THUMBNAILS": False, "DASHBOARD_CACHE": False, # deprecated "REMOVE_SLICE_LEVEL_LABEL_COLORS": False, # deprecated "SHARE_QUERIES_VIA_KV_STORE": False, "TAGGING_SYSTEM": False, "SQLLAB_BACKEND_PERSISTENCE": True, "LISTVIEWS_DEFAULT_CARD_VIEW": False, # When True, this escapes HTML (rather than rendering it) in Markdown components "ESCAPE_MARKDOWN_HTML": False, "DASHBOARD_NATIVE_FILTERS": True, # deprecated "DASHBOARD_CROSS_FILTERS": True, # Feature is under active development and breaking changes are expected "DASHBOARD_NATIVE_FILTERS_SET": True, # deprecated "DASHBOARD_FILTERS_EXPERIMENTAL": True, # deprecated "DASHBOARD_VIRTUALIZATION": False, "GLOBAL_ASYNC_QUERIES": False, "VERSIONED_EXPORT": True, # deprecated "EMBEDDED_SUPERSET": True, # Enables Alerts and reports new implementation "ALERT_REPORTS": False, "DASHBOARD_RBAC": False, "ENABLE_EXPLORE_DRAG_AND_DROP": True, # deprecated "ENABLE_ADVANCED_DATA_TYPES": False, # Enabling ALERTS_ATTACH_REPORTS, the system sends email and slack message # with screenshot and link # Disables ALERTS_ATTACH_REPORTS, the system DOES NOT generate screenshot # for report with type 'alert' and sends email and slack message with only link; # for report with type 'report' still send with email and slack message with # screenshot and link "ALERTS_ATTACH_REPORTS": True, # Allow users to export full CSV of table viz type. # This could cause the server to run out of memory or compute. "ALLOW_FULL_CSV_EXPORT": True, "GENERIC_CHART_AXES": True, # deprecated "ALLOW_ADHOC_SUBQUERY": False, "USE_ANALAGOUS_COLORS": False, # Apply RLS rules to SQL Lab queries. This requires parsing and manipulating the # query, and might break queries and/or allow users to bypass RLS. Use with care! "RLS_IN_SQLLAB": True, # Enable caching per impersonation key (e.g username) in a datasource where user # impersonation is enabled "CACHE_IMPERSONATION": False, # Enable caching per user key for Superset cache (not database cache impersonation) "CACHE_QUERY_BY_USER": False, # Enable sharing charts with embedding "EMBEDDABLE_CHARTS": True, "DRILL_TO_DETAIL": True, "DRILL_BY": True, "DATAPANEL_CLOSED_BY_DEFAULT": False, "HORIZONTAL_FILTER_BAR": False, # The feature is off by default, and currently only supported in Presto and Postgres, # and Bigquery. # It also needs to be enabled on a per-database basis, by adding the key/value pair # cost_estimate_enabled: true to the database extra attribute. "ESTIMATE_QUERY_COST": False, # Allow users to enable ssh tunneling when creating a DB. # Users must check whether the DB engine supports SSH Tunnels # otherwise enabling this flag won't have any effect on the DB. "SSH_TUNNELING": False, "AVOID_COLORS_COLLISION": True, # Set to False to only allow viewing own recent activity # or to disallow users from viewing other users profile page # Do not show user info or profile in the menu "MENU_HIDE_USER_INFO": False, # Allows users to add a superset:// DB that can query across databases. This is # an experimental feature with potential security and performance risks, so use with # caution. If the feature is enabled you can also set a limit for how much data is # returned from each database in the SUPERSET_META_DB_LIMIT configuration value # in this file. "ENABLE_SUPERSET_META_DB": True, # Set to True to replace Selenium with Playwright to execute reports and thumbnails. # Unlike Selenium, Playwright reports support deck.gl visualizations # Enabling this feature flag requires installing "playwright" pip package "PLAYWRIGHT_REPORTS_AND_THUMBNAILS": False, }

FEATURE_FLAGS = { "EMBEDDED_SUPERSET": True }

for your reference, below is the thing i got with window.featureFlags

{ "DRUID_JOINS": false, "DYNAMIC_PLUGINS": false, "ENABLE_TEMPLATE_PROCESSING": false, "ENABLE_JAVASCRIPT_CONTROLS": false, "PRESTO_EXPAND_DATA": false, "THUMBNAILS": false, "ENABLE_DASHBOARD_SCREENSHOT_ENDPOINTS": false, "ENABLE_DASHBOARD_DOWNLOAD_WEBDRIVER_SCREENSHOT": false, "TAGGING_SYSTEM": false, "SQLLAB_BACKEND_PERSISTENCE": true, "LISTVIEWS_DEFAULT_CARD_VIEW": false, "ESCAPE_MARKDOWN_HTML": false, "DASHBOARD_VIRTUALIZATION": true, "GLOBAL_ASYNC_QUERIES": false, "EMBEDDED_SUPERSET": false, "ALERT_REPORTS": false, "ALERT_REPORT_TABS": false, "ALERT_REPORT_SLACK_V2": false, "DASHBOARD_RBAC": false, "ENABLE_ADVANCED_DATA_TYPES": false, "ALERTS_ATTACH_REPORTS": true, "ALLOW_FULL_CSV_EXPORT": false, "ALLOW_ADHOC_SUBQUERY": false, "USE_ANALOGOUS_COLORS": false, "RLS_IN_SQLLAB": false, "OPTIMIZE_SQL": false, "IMPERSONATE_WITH_EMAIL_PREFIX": false, "CACHE_IMPERSONATION": false, "CACHE_QUERY_BY_USER": false, "EMBEDDABLE_CHARTS": true, "DRILL_TO_DETAIL": true, "DRILL_BY": true, "DATAPANEL_CLOSED_BY_DEFAULT": false, "HORIZONTAL_FILTER_BAR": false, "ESTIMATE_QUERY_COST": false, "SSH_TUNNELING": false, "AVOID_COLORS_COLLISION": true, "MENU_HIDE_USER_INFO": false, "ENABLE_SUPERSET_META_DB": false, "PLAYWRIGHT_REPORTS_AND_THUMBNAILS": false, "CHART_PLUGINS_EXPERIMENTAL": false, "SQLLAB_FORCE_RUN_ASYNC": false, "ENABLE_FACTORY_RESET_COMMAND": false, "SLACK_ENABLE_AVATARS": false, "DATE_FORMAT_IN_EMAIL_SUBJECT": false }

Comment From: dosubot[bot]

Your config changes aren't being picked up because Superset in Docker doesn't use /app/superset/config.py for overrides. Instead, you should place your custom config as superset_config_docker.py in ./docker/pythonpath_dev/ on your host. This file is automatically loaded because /app/docker/pythonpath_dev is in the PYTHONPATH in Docker Compose setups, and it's imported by the default Docker config loader. Placing config.py elsewhere (like /app/superset/config.py) won't work unless you set the SUPERSET_CONFIG_PATH environment variable to point to it, but the recommended approach is to use superset_config_docker.py for Docker Compose setups source.

So:
1. Move your config (with EMBEDDED_SUPERSET = True) to ./docker/pythonpath_dev/superset_config_docker.py
2. Rebuild and restart your containers:
docker compose down -v docker compose up 3. Check window.featureFlags again.

This should make EMBEDDED_SUPERSET show as true in the frontend. If you want to use a different path, set the SUPERSET_CONFIG_PATH env variable to the full path of your config file inside the container source.

To reply, just mention @dosu.

How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other  Join Discord Share on X

Comment From: chandug1991

@dosu,

Below is what I tried, but no luck, it is not considering the updated config.py file in the window.featureFlags. Please could you suggest the needful?

Docker Terminal:

Image

Below is the "echo $PYTHONPATH"

Image

Approached i tried.

  • I tried copying the config.py file under pythonpath folder -> Result no luck.
  • I tried overriding the config.py file under supert folder -> Result no luck.
  • i tried renaming the config.py to superset_config.py and copied under pythonpath folder -> Result no luck.

Comment From: dosubot[bot]

Superset in Docker does not use /app/superset/config.py or /app/pythonpath/superset_config.py for overrides by default. Instead, for Docker Compose setups, you should place your config as superset_config_docker.py in ./docker/pythonpath_dev/ on your host. This directory is mounted as /app/pythonpath in the container and is included in the PYTHONPATH, so Superset will automatically import your overrides if you use this path.

After placing your config in ./docker/pythonpath_dev/superset_config_docker.py, run docker compose down -v and then docker compose up to rebuild and restart the containers. Then check window.featureFlags in the browser console—EMBEDDED_SUPERSET should now be true if your config is loaded correctly.

If you want to use a different path or filename, you must set the SUPERSET_CONFIG_PATH environment variable to the full path of your config file inside the container (e.g., /app/superset_config.py) and rebuild/restart the container. See the official docs for more details.

Mounting or copying config files to other locations (like /app/superset/config.py) will not work unless you explicitly set SUPERSET_CONFIG_PATH to point to that file.

If you follow these steps and still see EMBEDDED_SUPERSET: false, double-check that your config file is valid Python, that the container is rebuilt, and that there are no errors in the Superset logs during startup.

To reply, just mention @dosu.

How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other  Join Discord Share on X

Comment From: chandug1991

After applying all the below changes in the superset_config file, its starts working. thanks

import flask_cors from typing import Any, Callable, Literal, TYPE_CHECKING, TypedDict from flask_talisman import Talisman

FEATURE_FLAGS = { "DASHBOARD_CROSS_FILTERS" : True, "EMBEDDABLE_CHARTS": True, "EMBEDDED_SUPERSET": True } ENABLE_GUEST_TOKEN = True GUEST_ROLE_NAME = "Gamma" TALISMAN_ENABLED = False Talisman = { # leave all the defaults, just extend CSP "content_security_policy": { "default-src": ["'self'", "http://localhost:3000"], "script-src": ["'self'", "'unsafe-inline'", "'unsafe-eval'"], "style-src": ["'self'", "'unsafe-inline'"], "img-src": ["'self'", "data:", "blob:"], # allow the React origin to embed us "frame-ancestors": ["http://localhost:3000"], }, # drop the legacy X-Frame-Options header entirely "frame_options": None } OVERRIDE_HTTP_HEADERS = {"X-Frame-Options": "ALLOWALL"} ENABLE_CORS = True CORS_OPTIONS = { 'supports_credentials': True, 'allow_headers': [''], 'resources': {r"/": {"origins": ["http://localhost:3000"]}}, 'origins': ['*', 'http://localhost:8089', 'http://localhost:3000'] } WTF_CSRF_ENABLED = False ALLOWED_DOMAINS = ["localhost:3000"] ALLOWED_EMBEDDING_DOMAINS = ['localhost:3000']