Superset iframe login redirect

I'm trying to understand how one should be able to insert Superset's dashboards and charts inside another application. At the moment I am at this step: I have inserted the iframe of a chart inside my HTML page and I am presented with Superset's login page; after I insert the credentials I am redirected again to the login page, without ever seeing the chart. What am I doing wrong? Am I missing part of the picture here?

Here's my superset_config.py

import logging
import os

SQLALCHEMY_DATABASE_URI="mysql+pymysql://superset:[email protected]:3306/superset"

REDIS_HOST="localhost"
REDIS_PORT=6379

# Will allow user self registration, allowing to create Flask users from Authorized User
AUTH_USER_REGISTRATION = True

# The default user self registration role
AUTH_USER_REGISTRATION_ROLE = "Public"

# Flask-WTF flag for CSRF
WTF_CSRF_ENABLED = False

And here's the basic html page I built with the iframe

<!DOCTYPE html>
<html>
<body>

<h1>iframe integration</h1>

<iframe
  width="800"
  height="800"
  seamless
  frameBorder="0"
  scrolling="yes"
  src="http://<remote server hostname>:8088/superset/explore/?r=2&standalone=true&height=400"
>
</iframe>

</body>
</html>

When I enter the html page from Firefox I see the login page, like in the picture below

When I insert the credentials I am redirected to the same login page.

This is what I see from Superset's logs

INFO:werkzeug:<my ip>- - [07/Apr/2021 13:12:07] "POST /login/?next=http%3A%2F%2F<remote server hostname>%3A8088%2Fsuperset%2Fexplore%2F%3Fr%3D2%26standalone%3Dtrue%26height%3D400 HTTP/1.1" 302 -
INFO:werkzeug:<my ip> - - [07/Apr/2021 13:12:07] "GET / HTTP/1.1" 302 -
INFO:werkzeug:<my ip> - - [07/Apr/2021 13:12:07] "GET /superset/welcome HTTP/1.1" 302 -
INFO:werkzeug:<my ip> - - [07/Apr/2021 13:12:07] "GET /login/ HTTP/1.1" 200 -


Solution 1:[1]

Assuming your app and your Superset are not served under the same domain name.

You will need to:

  1. add SESSION_COOKIE_SAMESITE = 'None' in superset_config.py
  2. make sure Firefox is configured to not block cross-site cookies (this is not recommended, but it will make the embedded chart work).

So the redirect from /superset/welcome to /login/ means Superset cannot find your session from the cookie (your browser may block the 3rd-party cookie, since Superset is served as a 3rd party).

If you're serving Superset over HTTP instead of HTTPS, you will need SESSION_COOKIE_SECURE = False in superset_config.py as well, although it's not recommended to use HTTP only.

Notice: this solution works for Firefox and Chrome/Chromium, but not Safari.
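
The settings discussed in the question and the answer interact, so the following added example (not part of the original post and not Superset code) lints them together for a cross-site iframe embed. The function name, rule IDs and sample configurations are hypothetical, the cookie rules are a simplified model of Chromium's behaviour, and the CSRF rule goes slightly beyond the answer: with SameSite=None the session cookie accompanies cross-site requests, so CSRF token checks are the remaining defence.

```python
# Added example (not Superset code): lint the cookie/CSRF settings named on
# this page for a cross-site iframe embed. Function and rule IDs are hypothetical.

def audit_embed_config(cfg, scheme):
    """cfg: settings as in superset_config.py; scheme: 'http' or 'https'.
    Returns a list of (rule_id, explanation) findings; empty means no finding."""
    samesite = cfg.get("SESSION_COOKIE_SAMESITE")   # "None", "Lax", "Strict" or unset
    secure = bool(cfg.get("SESSION_COOKIE_SECURE", False))
    csrf_on = bool(cfg.get("WTF_CSRF_ENABLED", True))
    findings = []

    if samesite in ("Lax", "Strict"):
        findings.append(("COOKIE_WITHHELD",
            "session cookie is not sent from a cross-site iframe, so each "
            "request after login is anonymous and redirects to /login/"))
    elif samesite is None:
        findings.append(("SAMESITE_UNSET",
            "browser default applies; Chromium treats an unset SameSite as Lax"))
    elif samesite == "None" and not secure:
        findings.append(("NONE_WITHOUT_SECURE",
            "Chromium-based browsers reject SameSite=None cookies lacking Secure"))

    if secure and scheme == "http":
        findings.append(("SECURE_OVER_HTTP",
            "a Secure cookie is never sent over plain HTTP"))

    if samesite == "None" and not csrf_on:
        findings.append(("CSRF_EXPOSED",
            "cookie rides on cross-site requests and no CSRF token is checked"))
    return findings


def rule_ids(cfg, scheme):
    """Rule IDs only, in the order they were raised."""
    return [rule for rule, _ in audit_embed_config(cfg, scheme)]


# Constructed sample configurations, reduced to the relevant keys.
QUESTION = {"WTF_CSRF_ENABLED": False}
ANSWER_OVER_HTTP = {**QUESTION, "SESSION_COOKIE_SAMESITE": "None",
                    "SESSION_COOKIE_SECURE": False}
HARDENED = {"SESSION_COOKIE_SAMESITE": "None", "SESSION_COOKIE_SECURE": True,
            "WTF_CSRF_ENABLED": True}

if __name__ == "__main__":
    for name, cfg, scheme in [("question", QUESTION, "http"),
                              ("answer over http", ANSWER_OVER_HTTP, "http"),
                              ("hardened", HARDENED, "https")]:
        print(name, rule_ids(cfg, scheme) or "no findings")
```

An empty result only covers these settings; a browser that blocks third-party cookies outright still withholds the session cookie regardless of configuration.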

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1