Embedded Superset dashboard not showing and giving error in Jmix app

I made a Jmix app. Then I tried to integrate a Superset dashboard the way it was shown in the documentation. The application is running, but the dashboard view shows the given error.

error: Something went wrong with embedded authentication. Check the dev console for details.

Hi, Farhan,

To identify the cause of the error, more information is required. Please send the logged messages from the dev console of your browser.

Regards,
Sergey.

Refused to display 'http://194.163.140.173:8088/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
generated-flow-imports-B5IaR49q.js:16707 Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('http://194.163.140.173:8088') does not match the recipient window's origin ('null').

This is the error from the console.

@fedorov Is there any update on the issue?

Hello!

Make sure you specify the correct CSP settings, e.g., frame-ancestors, in the Superset Talisman configuration. For instance, if your application is running on localhost:8080, the configuration will be the same as in the documentation (Configuration :: Jmix Documentation).

TALISMAN_CONFIG = {
    "content_security_policy": {
        "base-uri": ["'self'"],
        "default-src": ["'self'"],
        "img-src": [
            "'self'",
            "blob:",
            "data:",
            "https://apachesuperset.gateway.scarf.sh",
            "https://static.scarf.sh/",
        ],
        "worker-src": ["'self'", "blob:"],
        "connect-src": [
            "'self'",
            "https://api.mapbox.com",
            "https://events.mapbox.com",
        ],
        "object-src": "'none'",
        "style-src": [
            "'self'",
            "'unsafe-inline'",
        ],
        "script-src": ["'self'", "'strict-dynamic'"],
        "frame-ancestors": ["http://localhost:8080"]
    },
    "content_security_policy_nonce_in": ["script-src"],
    "force_https": False,
    "session_cookie_secure": False,
}

Hello @pinyazhin, thanks for the suggestion. I used the same configuration as in the documentation, but the problem persists. Is there anything else you would like to suggest?

Do you run the Superset and Jmix application on the same machine?

@pinyazhin Yes, they are on the same machine.

@pinyazhin Also, I wanted to know where the x-frame-options setting is in the Superset configuration files?

To add the x-frame-options header, you need to add the following properties to Superset:

TALISMAN_ENABLED = False
ENABLE_CORS = True
HTTP_HEADERS={"X-Frame-Options":"ALLOWALL"} # not secure

Note that x-frame-options is deprecated (X-Frame-Options - HTTP | MDN) and you should use CSP: frame-ancestors - HTTP | MDN.
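
The framing decision discussed in this thread can be checked offline. The following is an added example, not code from the thread or from the Jmix or Superset projects: it evaluates a response's `X-Frame-Options` and CSP `frame-ancestors` against the origin the embedding page is opened from. The host name `bi-host.example`, the sample headers and all function names are constructed assumptions, and source matching is simplified (exact scheme, direct parent frame only).

```python
from urllib.parse import urlsplit
DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """(scheme, host, port) of a URL, with the scheme's default port filled in."""
    u = urlsplit(url)
    return (u.scheme.lower(), u.hostname, u.port or DEFAULT_PORTS.get(u.scheme.lower()))

def frame_ancestors(csp):
    """Source list of the frame-ancestors directive, or None if the header lacks it."""
    for directive in (csp or "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None

def source_matches(source, parent_url, framed_url):
    """Simplified: 'none', *, 'self', and scheme://host[:port] (host may be *.name)."""
    if source in ("'none'", "*"):
        return source == "*"
    if source == "'self'":
        return origin(parent_url) == origin(framed_url)
    s_scheme, s_host, s_port = origin(source)
    if not s_host:
        raise ValueError(f"source form not handled in this sketch: {source}")
    p_scheme, p_host, p_port = origin(parent_url)
    host_ok = p_host.endswith(s_host[1:]) if s_host.startswith("*.") else p_host == s_host
    return (s_scheme, s_port) == (p_scheme, p_port) and host_ok

def framing_allowed(headers, framed_url, parent_url):
    """Return (allowed, deciding_header) for the direct parent frame only."""
    h = {k.lower(): v for k, v in headers.items()}
    sources = frame_ancestors(h.get("content-security-policy"))
    if sources is not None:  # frame-ancestors present: browsers ignore X-Frame-Options
        return any(source_matches(s, parent_url, framed_url) for s in sources), "frame-ancestors"
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return xfo == "SAMEORIGIN" and origin(parent_url) == origin(framed_url), "x-frame-options"
    return True, "none"  # header absent or a value browsers do not recognise

# Constructed sample: Superset and the embedding app on one host, different ports.
SUPERSET, PARENT = "http://bi-host.example:8088/", "http://bi-host.example:8080/"
CASES = {
    "xfo_sameorigin": {"X-Frame-Options": "sameorigin"},
    "csp_localhost": {"Content-Security-Policy": "frame-ancestors http://localhost:8080"},
    "csp_parent": {"Content-Security-Policy": "default-src 'self'; frame-ancestors http://bi-host.example:8080"},
}
RESULTS = {name: framing_allowed(h, SUPERSET, PARENT) for name, h in CASES.items()}
```

A different port makes a different origin, so `sameorigin` blocks the embed even on one machine, and a `frame-ancestors` entry only helps when it names the exact scheme, host and port shown in the browser's address bar for the embedding app.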