Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reloading of page with embedded dashboard leads to "Access is Denied"-popups before charts are shown (due to previous cookie) #23001

Closed
3 tasks done
e-geist opened this issue Feb 6, 2023 · 9 comments
Closed
3 tasks done

Reloading of page with embedded dashboard leads to "Access is Denied"-popups before charts are shown (due to previous cookie) #23001

e-geist opened this issue Feb 6, 2023 · 9 comments
Labels
#bug Bug report embedded v2.1

Comments

@e-geist
Copy link

e-geist commented Feb 6, 2023
edited
Loading

If we reload a page (we created) with an embedded dashboard, that was successfully loaded before, "Access is Denied" popups appear in the upper right corner of the embedded dashboard. These disappear after some seconds and the dashboard is properly shown.

We noticed this happens, because the browser sends initially an "old cookie" from previous requests - Superset apparently tries using it and shows "Access is Denied".

These popups confuse users as the dashboard works fine, but there are some warnings shown.
There is also nothing the access is denied to, it's more of a cosmetic problem.

How to reproduce the bug

  1. Enable embedding dashboards in superset via config
  2. Enable a dashboard to be embedded
  3. Implement a guest token fetching mechanism
  4. Make sure cookie policies are set correctly
  5. Load page with embedded dashboard (-> no "Access is Denied" popups as this is the first access)
  6. Reload page with embedded dashboard ("Access is Denied" popups appear and disappear after some time)

Expected results

Upon reloading of a page with an embedded dashboard, the dashboard is properly shown without warnings if there are no problems with authentication/role access.

Actual results

Upon reloading of a page with an embedded dashboard, "Access is Denied" warnings pop up before the actual dashboard is shown.
We would expect that even if the browser sends an old cookie, it is just discarded, as the provided guest token will be used anyways.

Environment

browser type and version: Firefox
superset version: 2.0.1
python version: Python 3.8.12
any feature flags active: nothing too special - we use embedding dashboards, but this also occurs for normal dashboards

Checklist

Make sure to follow these steps before submitting your issue - thank you!

  • I have checked the superset logs for python stacktraces and included it here as text if there are any.
  • I have reproduced the issue with at least the latest released version of superset.
  • I have checked the issue tracker for the same issue and I haven't found one similar.

Additional context

By manually deleting the session cookie of the superset instance, before reloading the page with the embedded dashboard, the warnings can be prevented. This is of course not feasible for end users.

Some further things to note:

  • embedding role must NOT have admin permissions
  • no other active Superset session in same browser (e.g. directly logged in via Superset Web UI)
@e-geist e-geist added the #bug Bug report label Feb 6, 2023
@vivek-kandhvar
Copy link

Yeah, this is very annoying and we were also clueless. Thanks for raising the bug. Hopefully we will have a fix soon.

@eschutho eschutho added the v2.1 label Mar 1, 2023
@eschutho
Copy link
Member

@lilykuang tried reproducing it and hasn't been able to yet. I think we're going to have to push this fix out to 2.1.1. Hopefully we can get someone to put up a fix for this.

@e-geist
Copy link
Author

e-geist commented Mar 14, 2023

I added some notes to the additional context section above.
@lilykuang @eschutho
Also feel free to contact me directly via Slack or here for further debugging/information.

@eschutho
Copy link
Member

Thanks @e-geist It looks like this may have been fixed in this PR. https://github.com/apache/superset/pull/21157/files. If you would like to test it out on the latest 2.1rc2 release, can you let us know if it fixes the issue for you?

@e-geist
Copy link
Author

e-geist commented Mar 24, 2023
edited
Loading

Hi @eschutho ,

sorry for the late response, will test as soon as possible and report back.
Currently unfortunately very busy with other stuff - but will try to get back to it next week.

@e-geist
Copy link
Author

e-geist commented Mar 31, 2023
edited
Loading

So we were finally able to verify the fix. With 2.1rc3 we don't see any "Access Denied" messages popping up anymore!
The bug is fixed
Thank you @lilykuang @eschutho ! Really appreciate the it!

(Not sure what the policy about closing issues is? Do I close it or does it get closed?)

@lucasfernando
Copy link

I just added "can log on Superset" permission to Public role and that solved the problem for me.

@cwegener
Copy link
Contributor

cwegener commented Sep 1, 2023

I just added "can log on Superset" permission to Public role and that solved the problem for me.

Yeah. Ever since I've included that permissions a couple of months ago, I haven't seen the "Access denied" toast for embedded dashboards. I think that is the one.

@eschutho
Copy link
Member

eschutho commented Oct 4, 2023

Great. I'll close this ticket then. Thanks!

@eschutho eschutho closed this as completed Oct 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
#bug Bug report embedded v2.1
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@rusackas @cwegener @eschutho @e-geist @lucasfernando @vivek-kandhvar