Bug description

  1. On 6.0.0rc2
  2. With attached config overrides ( in the comment below )
  3. Start with docker compose -f docker-compose-non-dev.yml up --build -d
  4. Navigate to dashboards
  5. Open the Featured Charts dashboard
  6. Click on three dots -> then embed under some domain like https://mytestdomain.com
  7. Save
  8. Navigate to datasets
  9. Navigate to dashboards again
  10. Open the Featured Charts dashboard again
  11. Click on three dots -> embed Expected:
  12. The domains I added will be there Actual:
  13. The UI will show an empty input

Notes

  • The input can detect if you enter the same domain again and prevents you from saving, so it's just the UI not reflecting the saved data.
  • The console does not show any relevant errors

Screenshots/recordings

Loom

. https://www.loom.com/share/f81fbfccc5474d87b5891c2d195e32a8?sid=ea9d5541-eea4-4659-a370-e7528fa104ac

Superset version

master / latest-dev

Python version

Not applicable

Node version

Not applicable

Browser

Chrome

Additional context

No response

Checklist

  • [x] I have searched Superset docs and Slack and didn't find a solution to my problem.
  • [x] I have searched the GitHub issue tracker and didn't find a similar bug report.
  • [x] I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.

Comment From: hsein-bitar

Config

.env-local

SUPERSET_ENV=production

docker/pythonpath_dev/superset_config.py

SQLALCHEMY_ENGINE_OPTIONS = { "pool_size": 20, "max_overflow": 40, "pool_timeout": 60, "pool_recycle": 1800, "pool_pre_ping": True, }

FEATURE_FLAGS = { "ALERT_REPORTS": True, "EMBEDDABLE_CHARTS": True, "EMBEDDED_SUPERSET": True }

ENABLE_GUEST_TOKEN = True GUEST_TOKEN_JWT_AUDIENCE="superset" ALLOWED_DOMAINS = [ "https://mytestdomain.com"] ALLOWED_EMBEDDING_DOMAINS = [ "https://mytestdomain.com"] GUEST_TOKEN_JWT_SECRET="xxxxxxxxxxxxxxx" GUEST_ROLE_NAME = "Public" GUEST_TOKEN_JWT_EXP_SECONDS = 604800 EMBEDDED_SUPERSET = True SESSION_COOKIE_SAMESITE = "None" SESSION_COOKIE_SECURE = False SESSION_COOKIE_HTTPONLY = False WTF_CSRF_ENABLED = False ENABLE_UI_THEME_ADMINISTRATION = True ENABLE_TEMPLATE_PROCESSING = True

Comment From: dosubot[bot]

Hi @hsein-bitar! I'm Dosu and I’m helping the superset team.

The embed domain UI in Superset relies on both backend configuration and API responses. Domains set in your config (ALLOWED_DOMAINS, ALLOWED_EMBEDDING_DOMAINS) are referenced by the backend, but the dashboard embed modal UI expects to load the list of allowed domains from the API endpoint /api/v1/dashboard/{dashboardId}/embedded. If the UI doesn't show previously added domains, it's likely that the backend isn't including them in the API response, or the frontend isn't loading/displaying them correctly. The fact that duplicate domains are prevented suggests the backend is saving them, but the display logic may be missing a step or not syncing with the saved state. This disconnect is likely between backend serialization and frontend state management, not your config itself. Recent frontend changes (like PR #35062) updated extension setup logic but did not directly address this UI bug, so the issue may persist in the latest release. For more details on embedding config and API domain handling, see this discussion and this thread.

To reply, just mention @dosu.

How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other  Chat with Dosu Join Discord Share on X

Comment From: rusackas

You might want to change/invalidate that GUEST_TOKEN_JWT_SECRET, since it's now part of the Git history here on the repo (though I've removed it from the display)

Agreed though that this UI would be super helpful. If you or anyone are willing to open a PR to enhance the experience, please feel free!