Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2021/08/03 18:35:42 UTC

[GitHub] [superset] connorwang opened a new issue #16050: Unsafe attempt to load URL when using SQL Lab

connorwang opened a new issue #16050:
URL: https://github.com/apache/superset/issues/16050


   We are running Superset on K8s (Rancher). SQL Lab throws an error every time.
   
   #### Screenshots
   
   ![Capture](https://user-images.githubusercontent.com/7822862/128067512-26d06308-378d-45af-8535-8639c7048b6a.PNG)
   
   #### How to reproduce the bug
   
   1. Go to 'SQL Lab'
   2. Click on 'SQL Editor'
   3. See error
   
   ### Environment
   
   (please complete the following information):
   
   - superset version: 1.2.0
   - python version: 3.6
   - node.js version: 12.4
   - any feature flags active: no
   
   ### Checklist
   
   Make sure to follow these steps before submitting your issue - thank you!
   
   - [x] I have checked the superset logs for python stacktraces and included it here as text if there are any.
   - [x] I have reproduced the issue with at least the latest released version of superset.
   - [x] I have checked the issue tracker for the same issue and I haven't found one similar.
   
   ### Additional context
   We've tried the following, but to no avail :(
   
   https://github.com/apache/superset/issues/12592
   https://github.com/apache/superset/issues/8160
   https://github.com/apache/superset/issues/13746
   https://github.com/apache/superset/issues/14730
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org


[GitHub] [superset] metalshanked commented on issue #16050: Unsafe attempt to load URL when using SQL Lab

Posted by GitBox <gi...@apache.org>.
metalshanked commented on issue #16050:
URL: https://github.com/apache/superset/issues/16050#issuecomment-899105935


   > For anyone running into similar issues on Rancher - we added the following to Istio's VirtualServices
   > 
   > ```
   >   http:
   >   - headers:
   >       request:
   >         set:
   >           X-Forwarded-Proto: https
   > ```
   > 
   > So far so good. We'll do a quick check with another team and close the ticket if everything works as intended :)
   @connorwang - Is there a similar option for nginx ingress controller that ships with Rancher (2.x)?




[GitHub] [superset] metalshanked commented on issue #16050: Unsafe attempt to load URL when using SQL Lab

Posted by GitBox <gi...@apache.org>.
metalshanked commented on issue #16050:
URL: https://github.com/apache/superset/issues/16050#issuecomment-899111021


   Found it, here is the snippet to use for nginx ingress controller in case it helps anyone
   
   `nginx.ingress.kubernetes.io/configuration-snippet: more_set_headers "X-Forwarded-Proto:https";`
   
   
   ![2021-08-15_14-15-34](https://user-images.githubusercontent.com/57646596/129493133-fdadda0b-aeba-4b93-a026-87e8c13caa00.png)
   




[GitHub] [superset] kodeine commented on issue #16050: Unsafe attempt to load URL when using SQL Lab

Posted by GitBox <gi...@apache.org>.
kodeine commented on issue #16050:
URL: https://github.com/apache/superset/issues/16050#issuecomment-1074551971


   @metalshanked where did u add this header?




[GitHub] [superset] nytai edited a comment on issue #16050: Unsafe attempt to load URL when using SQL Lab

Posted by GitBox <gi...@apache.org>.
nytai edited a comment on issue #16050:
URL: https://github.com/apache/superset/issues/16050#issuecomment-892157887


   yea looking into it more the `PROXY_FIX_CONFIG` only configures how the application responds to the `X-Forwarded-*` headers. The key here is passing the correct headers to superset from the proxy/ingress, glad you figured it out.




[GitHub] [superset] nytai edited a comment on issue #16050: Unsafe attempt to load URL when using SQL Lab

Posted by GitBox <gi...@apache.org>.
nytai edited a comment on issue #16050:
URL: https://github.com/apache/superset/issues/16050#issuecomment-892089855


   you'll have to figure out how to pass `X-Forwarded-Proto`, usually this can be done via nginx (or other) ingress in k8s




[GitHub] [superset] metalshanked commented on issue #16050: Unsafe attempt to load URL when using SQL Lab

Posted by GitBox <gi...@apache.org>.
metalshanked commented on issue #16050:
URL: https://github.com/apache/superset/issues/16050#issuecomment-899084268


   > you'll have to figure out how to pass `X-Forwarded-Proto`, usually this can be done via nginx (or other) ingress in k8s
   
   @nytai  - Would you have an example of how this header can be set via nginx ingress annotations?  Thanks in advance!
   




[GitHub] [superset] nytai commented on issue #16050: Unsafe attempt to load URL when using SQL Lab

Posted by GitBox <gi...@apache.org>.
nytai commented on issue #16050:
URL: https://github.com/apache/superset/issues/16050#issuecomment-892089855


   you'll have to figure out how to pass `X-Forwarded-Proto`, usually this can be done via nginx ingress




[GitHub] [superset] connorwang commented on issue #16050: Unsafe attempt to load URL when using SQL Lab

Posted by GitBox <gi...@apache.org>.
connorwang commented on issue #16050:
URL: https://github.com/apache/superset/issues/16050#issuecomment-892390553


   All fixed. Closing the ticket for now. Thanks! @nytai 




[GitHub] [superset] metalshanked commented on issue #16050: Unsafe attempt to load URL when using SQL Lab

Posted by GitBox <gi...@apache.org>.
metalshanked commented on issue #16050:
URL: https://github.com/apache/superset/issues/16050#issuecomment-1075324134


   > @metalshanked where did u add this header?
   
   In the ingress controller's labels and annotations section for the particular workload 




[GitHub] [superset] nytai commented on issue #16050: Unsafe attempt to load URL when using SQL Lab

Posted by GitBox <gi...@apache.org>.
nytai commented on issue #16050:
URL: https://github.com/apache/superset/issues/16050#issuecomment-892093302


   You may be able to configure `https` proto using this config: https://github.com/apache/superset/blob/430ebe18aa0b6f01f012831abd7754aaa8f258a4/superset/config.py#L207




[GitHub] [superset] connorwang commented on issue #16050: Unsafe attempt to load URL when using SQL Lab

Posted by GitBox <gi...@apache.org>.
connorwang commented on issue #16050:
URL: https://github.com/apache/superset/issues/16050#issuecomment-892153802


   For anyone running into similar issues on Rancher - we added the following to Istio's VirtualServices
   
   ```
     http:
     - headers:
         request:
           set:
             X-Forwarded-Proto: https
   ```
   
   So far so good. We'll do a quick check with another team and close the ticket if everything works as intended :)




[GitHub] [superset] connorwang commented on issue #16050: Unsafe attempt to load URL when using SQL Lab

Posted by GitBox <gi...@apache.org>.
connorwang commented on issue #16050:
URL: https://github.com/apache/superset/issues/16050#issuecomment-892087925


   > Where is SSL being handled? superset needs to return redirects with the `https` scheme, instead of `http`, this is usually handled by passing the `X-Forwarded-Proto https;` header to superset and adding `ENABLE_PROXY_FIX=True` in superset config, as the issues you've linked suggest.
   
   We are running with AWS ALB (443) -> Target Group (31xxx) -> Container (8088, where Superset runs). The SSL is terminated at ALB level. We've tried setting `ENABLE_PROXY_FIX=True` and it just redirects us back to a `http` schemed url with a `443` port. I don't think AWS allows modifying the `X-Forwarded` settings :(




[GitHub] [superset] metalshanked edited a comment on issue #16050: Unsafe attempt to load URL when using SQL Lab

Posted by GitBox <gi...@apache.org>.
metalshanked edited a comment on issue #16050:
URL: https://github.com/apache/superset/issues/16050#issuecomment-899105935


   > For anyone running into similar issues on Rancher - we added the following to Istio's VirtualServices
   > 
   > ```
   >   http:
   >   - headers:
   >       request:
   >         set:
   >           X-Forwarded-Proto: https
   > ```
   > 
   > So far so good. We'll do a quick check with another team and close the ticket if everything works as intended :)
   @connorwang - Is there a similar option for nginx ingress controller that ships with Rancher (2.x)?




[GitHub] [superset] connorwang closed issue #16050: Unsafe attempt to load URL when using SQL Lab

Posted by GitBox <gi...@apache.org>.
connorwang closed issue #16050:
URL: https://github.com/apache/superset/issues/16050


   




[GitHub] [superset] nytai commented on issue #16050: Unsafe attempt to load URL when using SQL Lab

Posted by GitBox <gi...@apache.org>.
nytai commented on issue #16050:
URL: https://github.com/apache/superset/issues/16050#issuecomment-892079163


   Where is SSL being handled? superset needs to return redirects with the `https` scheme, instead of `http`, this is usually handled by passing the `X-Forwarded-Proto https;` header to superset and adding `ENABLE_PROXY_FIX=True` in superset config, as the issues you've linked suggest.




[GitHub] [superset] nytai commented on issue #16050: Unsafe attempt to load URL when using SQL Lab

Posted by GitBox <gi...@apache.org>.
nytai commented on issue #16050:
URL: https://github.com/apache/superset/issues/16050#issuecomment-892157887


   yea looking into it more the `PROXY_FIX_CONFIG` only configures how the application responds to the `X-Forwarded-*` headers. The key here is passing the correct headers to superset from the proxy/ingress. 



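Added example, not part of the thread and not Superset's or Werkzeug's code: a simplified stand-in for ProxyFix-style middleware, showing the point made above that the proxy-fix setting only changes how the app reads `X-Forwarded-Proto`, so redirects stay `http` until the ingress actually sends the header. The class name, host and path are constructed for illustration; the `x_proto` hop count is modelled on the parameter of Werkzeug's `ProxyFix`.

```python
# Added example: simplified stand-in for ProxyFix-style handling of
# X-Forwarded-Proto. Names, host and path are constructed for illustration.
from wsgiref.util import setup_testing_defaults


def trusted_value(header, trusted_hops):
    """Return the entry written by the trusted_hops-th proxy, counted from the right.

    Entries further left were supplied by the client or by untrusted hops.
    """
    if not header or trusted_hops < 1:
        return None
    values = [v.strip() for v in header.split(",") if v.strip()]
    return values[-trusted_hops] if len(values) >= trusted_hops else None


class ForwardedProtoFix:
    """Rewrite wsgi.url_scheme from X-Forwarded-Proto, trusting x_proto hops."""

    def __init__(self, app, x_proto=1):
        self.app = app
        self.x_proto = x_proto

    def __call__(self, environ, start_response):
        proto = trusted_value(environ.get("HTTP_X_FORWARDED_PROTO"), self.x_proto)
        if proto in ("http", "https"):  # ignore anything that is not a known scheme
            environ["wsgi.url_scheme"] = proto
        return self.app(environ, start_response)


def redirect_app(environ, start_response):
    """Toy backend: issues an absolute redirect built from the request scheme."""
    location = "%s://%s/next" % (environ["wsgi.url_scheme"], environ["HTTP_HOST"])
    start_response("302 Found", [("Location", location)])
    return [b""]


def location_for(app, forwarded_proto=None):
    """Send one plain-HTTP request, as the container sees it behind TLS termination."""
    environ = {}
    setup_testing_defaults(environ)  # wsgi.url_scheme defaults to "http"
    environ["HTTP_HOST"] = "superset.example.com"  # constructed host
    if forwarded_proto is not None:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    captured = {}
    app(environ, lambda status, headers, exc_info=None: captured.update(headers))
    return captured["Location"]


if __name__ == "__main__":
    fixed = ForwardedProtoFix(redirect_app, x_proto=1)
    print("fix on, no header   :", location_for(fixed))
    print("fix on, header sent :", location_for(fixed, "https"))
    print("fix off, header sent:", location_for(redirect_app, "https"))
    # A client-sent value followed by the value the proxy appended:
    print("appended header     :", location_for(fixed, "https, http"))
```

The hop count has to match the number of proxies that write the header: with `x_proto=2` and a single proxy, the leftmost, client-supplied value would be the one trusted. An ingress rule that sets the header, as in the Istio `set:` snippet in this thread, replaces whatever the client sent.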

[GitHub] [superset] connorwang commented on issue #16050: Unsafe attempt to load URL when using SQL Lab

Posted by GitBox <gi...@apache.org>.
connorwang commented on issue #16050:
URL: https://github.com/apache/superset/issues/16050#issuecomment-892104587


   > You may be able to configure `https` proto using this config:
   > 
   > https://github.com/apache/superset/blob/430ebe18aa0b6f01f012831abd7754aaa8f258a4/superset/config.py#L207
   
   We've tried this as someone mentioned in https://github.com/apache/superset/issues/8160#issuecomment-557343651. No luck :( Do we need to run `superset init` for that config change? 

