Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2020/07/17 05:36:10 UTC

[GitHub] [incubator-superset] saward opened a new issue #10354: Calling /api/v1/chart/data returns 400 "The CSRF session token is missing"

saward opened a new issue #10354:
URL: https://github.com/apache/incubator-superset/issues/10354


   Hi,
   
   I'm trying to use the API with JWT.  I have been able to successfully use some other endpoints (e.g., getting a list of charts) using this token for authentication.  However, the /api/v1/chart/data endpoint, which shows up in the Swagger UI, returns an error.  For example, using httpie:
   
   ```
   http -f POST "https://example.com/api/v1/chart/data" form_data="{\"adhoc_filters\": [], \"bar_stacked\": false, \"bottom_margin\": \"auto\", \"color_scheme\": \"bnbColors\", \"columns\": [], \"contribution\": false, \"datasource\": \"1__table\", \"granularity_sqla\": null, \"groupby\": [\"brand_name\"], \"label_colors\": {}, \"metrics\": [{\"aggregate\": \"SUM\", \"column\": {\"column_name\": \"count\", \"database_expression\": null, \"description\": null, \"expression\": \"\", \"filterable\": false, \"groupby\": false, \"id\": 1, \"is_dttm\": false, \"optionName\": \"_col_count\", \"python_date_format\": null, \"type\": \"BIGINT\", \"verbose_name\": null}, \"expressionType\": \"SIMPLE\", \"fromFormData\": false, \"hasCustomLabel\": false, \"label\": \"SUM(count)\", \"optionName\": \"metric_vvvpnkvzbgj_o6qcag8lo5\", \"sqlExpression\": null}], \"order_bars\": false, \"reduce_x_ticks\": false, \"row_limit\": 10000, \"show_bar_value\": true, \"show_controls\": false, \"show_legend\": true, \"slice_id\": 1, \"time_range\": \"No filter\", \"url_params\": {}, \"viz_type\": \"dist_bar\", \"x_axis_label\": \"Brand\", \"x_ticks_layout\": \"flat\", \"y_axis_format\": \",\", \"y_axis_label\": \"Total Clients\"}" 'Authorization: Bearer <my_jwt_token>'
   ```
   I have the same issue when sending the data as "application/json" as well.  Reading the Superset code, if I understand it right, I should be able to use either application/json or form submission with the form_data parameter.
   
   ### Expected results
   
   Receive a 200 reply with a JSON body and data from the search.
   
   ### Actual results
   
   400 received:
   
   ```
   HTTP/1.1 400 BAD REQUEST
   Connection: keep-alive
   Content-Length: 150
   Content-Type: text/html; charset=utf-8
   Date: Fri, 17 Jul 2020 05:20:26 GMT
   Server: nginx/1.15.2
   Strict-Transport-Security: max-age=15724800; includeSubDomains
   
   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
   <title>400 Bad Request</title>
   <h1>Bad Request</h1>
   <p>The CSRF session token is missing.</p>
   ```
   
   #### How to reproduce the bug
   
   1. Go to /swagger/v1
   2. Click on '....'
   3. Scroll down to '....'
   4. See error
   
   ### Environment
   
   (please complete the following information):
   
   - superset version: `superset version`
   
   -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
   Superset 0.999.0dev
   -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
   
   I'm running the 'edge' tag for the unofficial docker image at https://hub.docker.com/r/amancevice/superset/
   
   - python version: `python --version`
   
   3.6.11
   - node.js version: `node -v`
   
   N/A
   
   - npm version: `npm -v`
   
   N/A
   
   ### Checklist
   
   Make sure these boxes are checked before submitting your issue - thank you!
   
   - [X] I have checked the superset logs for python stacktraces and included it here as text if there are any.
   - [X] I have reproduced the issue with at least the latest released version of superset.
   - [X] I have checked the issue tracker for the same issue and I haven't found one similar.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org


[GitHub] [incubator-superset] saward commented on issue #10354: Calling /api/v1/chart/data returns 400 "The CSRF session token is missing"

Posted by GitBox <gi...@apache.org>.
saward commented on issue #10354:
URL: https://github.com/apache/incubator-superset/issues/10354#issuecomment-663588036


   Looks good, thanks, will test soon.  Wasn't sure myself exactly how to make it exempt with Flask.




[GitHub] [incubator-superset] dpgaspar commented on issue #10354: Calling /api/v1/chart/data returns 400 "The CSRF session token is missing"

Posted by GitBox <gi...@apache.org>.
dpgaspar commented on issue #10354:
URL: https://github.com/apache/incubator-superset/issues/10354#issuecomment-662916914


   Hi @saward 
   
   Just merged a PR that will allow you to make requests to `chart/data` without CSRF by default. So your `curl` will succeed with the latest master.
   



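Added example, not part of the original thread and not Superset's or Flask-WTF's code: a stdlib-only model of a session-bound CSRF check showing why the Bearer-authenticated POST in the report got the 400, and what exempting the route changes. The exempt set, the `/other` path, the `X-CSRFToken` header choice, the stand-in `verify_jwt`, and the rule that an exempt route accepts only a header credential are assumptions of this sketch, not statements about Superset's behaviour.

```python
import hmac

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
CHART_DATA = "/api/v1/chart/data"
DEMO_JWT = "constructed.demo.token"  # constructed sample, not a real JWT


def verify_jwt(token):
    # Stand-in for real signature/expiry validation (assumption of this sketch).
    return hmac.compare_digest(token, DEMO_JWT)


def bearer_token(headers):
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    return value if scheme == "Bearer" and value else None


def check_request(method, path, headers, session, exempt):
    """Return (status, reason) under a session-bound CSRF token policy."""
    token = bearer_token(headers)
    has_jwt = token is not None and verify_jwt(token)
    if method not in SAFE_METHODS:
        if path in exempt:
            # Exempt routes accept only an explicit header credential: a browser
            # never attaches one cross-site on its own, unlike a session cookie.
            if not has_jwt:
                return 401, "Bearer token required on CSRF-exempt route."
            return 200, "ok"
        expected = session.get("csrf_token")
        if expected is None:
            # An API client with no browser session has no stored token at all.
            return 400, "The CSRF session token is missing."
        if not hmac.compare_digest(expected, headers.get("X-CSRFToken", "")):
            return 400, "The CSRF tokens do not match."
    if has_jwt or session.get("user_id"):
        return 200, "ok"
    return 401, "Not authenticated."


def demo():
    api = {"Authorization": "Bearer " + DEMO_JWT}
    browser = {"user_id": 7, "csrf_token": "constructed-csrf"}  # constructed
    csrf_hdr = {"X-CSRFToken": "constructed-csrf"}
    return {
        "jwt_before_exemption": check_request("POST", CHART_DATA, api, {}, set()),
        "jwt_after_exemption": check_request("POST", CHART_DATA, api, {}, {CHART_DATA}),
        "cookie_only_on_exempt": check_request("POST", CHART_DATA, {}, browser, {CHART_DATA}),
        "cookie_with_csrf": check_request("POST", "/other", csrf_hdr, browser, set()),
    }
```
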

[GitHub] [incubator-superset] issue-label-bot[bot] commented on issue #10354: Calling /api/v1/chart/data returns 400 "The CSRF session token is missing"

Posted by GitBox <gi...@apache.org>.
issue-label-bot[bot] commented on issue #10354:
URL: https://github.com/apache/incubator-superset/issues/10354#issuecomment-659866464


   Issue Label Bot is not confident enough to auto-label this issue. See [dashboard](https://mlbot.net/data/apache/incubator-superset) for more details.




[GitHub] [incubator-superset] dpgaspar closed issue #10354: Calling /api/v1/chart/data returns 400 "The CSRF session token is missing"

Posted by GitBox <gi...@apache.org>.
dpgaspar closed issue #10354:
URL: https://github.com/apache/incubator-superset/issues/10354


   

