Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2021/08/23 13:43:45 UTC

[GitHub] [superset] buremba opened a new issue #16398: Unable to use create database via API: `The CSRF token is missing.`

buremba opened a new issue #16398:
URL: https://github.com/apache/superset/issues/16398


   ### Expected results
   
   `POST /api/v1/database` endpoint should work because it's in the documentation.
   
   ### Actual results
   
   When I use the Swagger client embedded into the application (`/swagger/v1`), the API throws the following exception:
   
   ```
   The CSRF token is missing.
   ```
   
   Here is a snippet that reproduces the same issue as well:
   
   ```
   import requests

   # Excerpt from a client method: self.superset_url, self.current_access_token
   # and database_name are defined elsewhere.
   # Fetch a CSRF token, authenticating with the bearer token.
   token_request = requests.get("{}/api/v1/security/csrf_token".format(self.superset_url),
                                headers={'Authorization': 'Bearer {}'.format(self.current_access_token)})
   if token_request.status_code != 200:
       raise Exception("Unable to get CSRF token: {}".format(token_request.text))
   csrf_token = token_request.json().get('result')
   
   # Create the database, passing the token in the X-CSRFToken header.
   r = requests.post("{}/api/v1/database".format(self.superset_url),
                     json={
                         "allow_csv_upload": False,
                         "allow_ctas": True,
                         "allow_cvas": False,
                         "allow_dml": False,
                         "allow_multi_schema_metadata_fetch": True,
                         "allow_run_async": True,
                         "database_name": database_name,
                         "expose_in_sqllab": True,
                         "sqlalchemy_uri": "presto://.."
                     },
                     headers={'Authorization': 'Bearer {}'.format(self.current_access_token), "X-CSRFToken": csrf_token})
   ```
   
   #### Screenshots
   
   
   <img width="1336" alt="CleanShot 2021-08-23 at 16 39 28@2x" src="https://user-images.githubusercontent.com/82745/130457225-9266547a-5505-4391-a517-a3bc0861e77c.png">
   
   Environment:
   
   superset version: superset version `1.2.0`
   python version: python --version: `python-3.7.10`
   node.js version: node -v: not relevant
   
   ### Checklist
   
   Make sure to follow these steps before submitting your issue - thank you!
   
   - [x] I have checked the superset logs for python stacktraces and included it here as text if there are any.
   - [x] I have reproduced the issue with at least the latest released version of superset.
   - [x] I have checked the issue tracker for the same issue and I haven't found one similar.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org


[GitHub] [superset] youngsol commented on issue #16398: Unable to use create database via API: `The CSRF token is missing.`

Posted by GitBox <gi...@apache.org>.
youngsol commented on issue #16398:
URL: https://github.com/apache/superset/issues/16398#issuecomment-914252752


   @buremba 
   Yeah, WTForms requires a CSRF token in the session.




[GitHub] [superset] hitzelc commented on issue #16398: Unable to use create database via API: `The CSRF token is missing.`

Posted by GitBox <gi...@apache.org>.
hitzelc commented on issue #16398:
URL: https://github.com/apache/superset/issues/16398#issuecomment-916409644


   > @youngsol Here is how it works in our case: https://github.com/metriql/metriql-superset/blob/main/metriql2superset/superset.py#L21
   
   You're my hero!




[GitHub] [superset] youngsol edited a comment on issue #16398: Unable to use create database via API: `The CSRF token is missing.`

Posted by GitBox <gi...@apache.org>.
youngsol edited a comment on issue #16398:
URL: https://github.com/apache/superset/issues/16398#issuecomment-914226877


   Yeah, I have the same problem.
   A temporary solution is to register those APIs in the CSRF exemption list.




[GitHub] [superset] youngsol commented on issue #16398: Unable to use create database via API: `The CSRF token is missing.`

Posted by GitBox <gi...@apache.org>.
youngsol commented on issue #16398:
URL: https://github.com/apache/superset/issues/16398#issuecomment-914257339


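   Solution: use requests.Session, not just requests.get/post/put (well, get is OK)
   ```
   import requests

   # CSRF_TOKEN_URL, CREATE_DATABASE_URL, BEARER (the Authorization header dict)
   # and PAYLOAD are placeholders for the values used in the issue's snippet.
   session = requests.Session()  # keeps cookies from the token request for the POST
   csrf_token = session.get(CSRF_TOKEN_URL, headers=BEARER).json().get("result")
   session.post(CREATE_DATABASE_URL, json=PAYLOAD, headers={**BEARER, "X-CSRFToken": csrf_token})
   ```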


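An added example (not code from this thread or from Superset) modelling why the one-off calls in the report fail while a Session works: the CSRF token is checked against the session cookie of the request that carries it. `ToyServer`, its status messages and the HMAC scheme are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SECRET_KEY = b"constructed-demo-key"  # stand-in for the server's signing key


class ToyServer:
    """Constructed model of session-bound CSRF checking; not Superset's code."""

    def __init__(self):
        self.sessions = {}  # session id -> raw CSRF value kept server-side

    def _sign(self, raw):
        return hmac.new(SECRET_KEY, raw.encode(), hashlib.sha256).hexdigest()

    def get_csrf_token(self, cookies):
        """GET /api/v1/security/csrf_token: returns (token, Set-Cookie dict)."""
        sid = cookies.get("session")
        if sid not in self.sessions:
            sid = secrets.token_hex(8)
            self.sessions[sid] = secrets.token_hex(16)
        return self._sign(self.sessions[sid]), {"session": sid}

    def post_database(self, cookies, headers):
        """POST /api/v1/database: token must match the caller's session."""
        token = headers.get("X-CSRFToken")
        raw = self.sessions.get(cookies.get("session"))
        if not token or raw is None:
            return 400, "CSRF check failed: no token bound to this session"
        if not hmac.compare_digest(token, self._sign(raw)):
            return 400, "CSRF check failed: token does not match session"
        return 201, "created"


def stateless_client(server):
    """Like bare requests.get()/requests.post(): Set-Cookie is discarded."""
    token, _dropped = server.get_csrf_token(cookies={})
    return server.post_database(cookies={}, headers={"X-CSRFToken": token})


def session_client(server):
    """Like requests.Session(): the cookie jar carries over to the POST."""
    jar = {}
    token, set_cookie = server.get_csrf_token(cookies=jar)
    jar.update(set_cookie)
    return server.post_database(cookies=jar, headers={"X-CSRFToken": token})
```

The same model also rejects a token presented with a different session's cookie, which is the property the check exists to enforce.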


[GitHub] [superset] buremba commented on issue #16398: Unable to use create database via API: `The CSRF token is missing.`

Posted by GitBox <gi...@apache.org>.
buremba commented on issue #16398:
URL: https://github.com/apache/superset/issues/16398#issuecomment-914261439


   @youngsol Here is how it works in our case: https://github.com/metriql/metriql-superset/blob/main/metriql2superset/superset.py#L21




[GitHub] [superset] buremba commented on issue #16398: Unable to use create database via API: `The CSRF token is missing.`

Posted by GitBox <gi...@apache.org>.
buremba commented on issue #16398:
URL: https://github.com/apache/superset/issues/16398#issuecomment-914238731


   Eventually, I had to mimic the users by creating a session cookie and using the internal APIs. :(




[GitHub] [superset] youngsol commented on issue #16398: Unable to use create database via API: `The CSRF token is missing.`

Posted by GitBox <gi...@apache.org>.
youngsol commented on issue #16398:
URL: https://github.com/apache/superset/issues/16398#issuecomment-914226877


   Yeah, I have the same problem.
   A temporary solution is to register those APIs in the CSRF exempt list.

