CORS not working as documented

See original GitHub issue

Superset version

0.28.1

using docker image with flask-cors==3.0.3

Expected results

able to load dashboard in an iframe

Actual results

Firefox displays : 'Load denied by X-Frame-Options: … ’

Chrome displays : Refused to display ‘https://…’ in a frame because it set ‘X-Frame-Options’ to ‘sameorigin’

Steps to reproduce

I’ve added this option to my configuration py file : ENABLE_CORS = True

I’m 100% sure the right file is in use (I also ave OAuth for instance set in the cofig file, and it is working)

I checked that superset[cors] IS installed in the image (I raun pip install superset[cors] inside the container, which told me eveything was already set)

I refer to this documentation : https://superset.incubator.apache.org/installation.html#cors

If something should be added in CORS_OPTIONS please at least give an example, don’t throw readers to parent full documentation.

Thank you for any advice ! I’m pretty sure it’s not a bug but a configuration issue on my side, but I simply can’t find a configuration explanation to allow cross-origin from any url.

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:6

github_iconTop GitHub Comments

1reaction
graceguo-supercatcommented, Nov 24, 2018

See this line in config.py: https://github.com/apache/incubator-superset/blob/0584e3629feaad17dc1391760aeb8a0cf6e8832f/superset/config.py#L316

set HTTP_HEADERS = {} is the right way for embed Superset chart in a iframe. CORS settings are used for 3rd party website that calls Superset backend without iframe.

0reactions
squaloucommented, Nov 24, 2018

Ok ! Thanks for the clarification.

Closing this.

Read more comments on GitHub >

github_iconTop Results From Across the Web

CORS errors - HTTP - MDN Web Docs - Mozilla
Identifying the issue. To understand the underlying issue with the CORS configuration, you need to find out which request is at fault and...
Read more >
CORS not working as documented · Issue #6418 - GitHub
Hello just change the HTTP_HEADERS={'X-Frame-Options':'SAMEORIGIN'} in the config.py or in your custom config and set X-Frame-Options to 'Allow' ...
Read more >
Fixing Common Problems with CORS and JavaScript
Tutorial: This post walks through troubleshooting and fixing common problems associated with calling REST APIs from JavaScript.
Read more >
Troubleshooting CORS - Amazon Simple Storage Service
If you encounter unexpected behavior while accessing buckets set with the CORS configuration, try the following steps to troubleshoot:.
Read more >
c# - Asp.net Core 3.0 CORS not working based on official ...
If you put the API URL directly in the browser, CORS is not involved. It isn't a cross-origin request. That only happens when...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found