Ralkion opened a new issue, #30717:
URL: https://github.com/apache/superset/issues/30717
### Bug description
Our error logs are full of the following error:
```
2024-10-25 15:38:51,223:INFO:flask_wtf.csrf:The CSRF token is missing.
Refresh CSRF token error
Traceback (most recent call last):
File "/usr/local/lib/python3.10/site-packages/flask_wtf/csrf.py", line
261, in protect
validate_csrf(self._get_csrf_token())
File "/usr/local/lib/python3.10/site-packages/flask_wtf/csrf.py", line
100, in validate_csrf
raise ValidationError("The CSRF token is missing.")
wtforms.validators.ValidationError: The CSRF token is missing.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 1821, in
full_dispatch_request
rv = self.preprocess_request()
File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 2313, in
preprocess_request
rv = self.ensure_sync(before_func)()
File "/usr/local/lib/python3.10/site-packages/flask_wtf/csrf.py", line
229, in csrf_protect
self.protect()
File "/usr/local/lib/python3.10/site-packages/flask_wtf/csrf.py", line
264, in protect
self._error_response(e.args[0])
File "/usr/local/lib/python3.10/site-packages/flask_wtf/csrf.py", line
307, in _error_response
raise CSRFError(reason)
flask_wtf.csrf.CSRFError: 400 Bad Request: The CSRF token is missing.
2024-10-25 15:38:51,223:WARNING:superset.views.base:Refresh CSRF token error
Traceback (most recent call last):
File "/usr/local/lib/python3.10/site-packages/flask_wtf/csrf.py", line
261, in protect
validate_csrf(self._get_csrf_token())
File "/usr/local/lib/python3.10/site-packages/flask_wtf/csrf.py", line
100, in validate_csrf
raise ValidationError("The CSRF token is missing.")
wtforms.validators.ValidationError: The CSRF token is missing.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 1821, in
full_dispatch_request
rv = self.preprocess_request()
File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 2313, in
preprocess_request
rv = self.ensure_sync(before_func)()
File "/usr/local/lib/python3.10/site-packages/flask_wtf/csrf.py", line
229, in csrf_protect
self.protect()
File "/usr/local/lib/python3.10/site-packages/flask_wtf/csrf.py", line
264, in protect
self._error_response(e.args[0])
File "/usr/local/lib/python3.10/site-packages/flask_wtf/csrf.py", line
307, in _error_response
raise CSRFError(reason)
flask_wtf.csrf.CSRFError: 400 Bad Request: The CSRF token is missing.
18.68.40.55 - - [25/Oct/2024:15:38:51 +0000] "POST
/superset/log/?explode=events&dashboard_id=65 HTTP/1.1" 302 201
"https://<site>/chart/list/?pageIndex=0&sortColumn=changed_on_delta_humanized&sortOrder=desc&viewMode=table"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101
Firefox/131.0"
```
As you can see from the last line, the `POST /superset/log` is returning a
302 which as it turns out redirects to `/login`.
Proper execution should result in the POST returning a 200.
This happens constantly as users navigate the UI.
### Screenshots/recordings
_No response_
### Superset version
4.0.2
### Python version
3.9
### Node version
16
### Browser
Chrome
### Additional context
_No response_
### Checklist
- [X] I have searched Superset docs and Slack and didn't find a solution to
my problem.
- [X] I have searched the GitHub issue tracker and didn't find a similar bug
report.
- [X] I have checked Superset's logs for errors and if I found a relevant
Python stacktrace, I included it here as text in the "additional context"
section.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
