GitHub user dosubot[bot] added a comment to the discussion: Unable to embed dashboard for Superset 5.0.0. Csrf token issue maybe
<!-- Answer --> If disabling `WTF_CSRF_ENABLED` didn't fix it, the most common cause is that the config change isn't being picked up by your running Superset instanceāespecially if you're using Docker, where the override must be in `./docker/pythonpath_dev/superset_config_docker.py` on your host, not in `/app/superset/config.py` or elsewhere. After editing, you need to fully restart the containers with `docker compose down -v` and `docker compose up` for the change to take effect. You can confirm the config is loaded by checking for log lines like `Loaded your Docker configuration at [...]` at startup or by inspecting `/api/v1/config` or `window.featureFlags` in the browser console [source](https://github.com/apache/superset/issues/33702). If you are not using Docker, make sure your override is in `superset_config.py` somewhere on the Python path and that the app is fully restarted. If the config is definitely loaded and CSRF is off, but you still see the same error, check that all required feature flags and permissions are set, and that your embedding/token requests include the correct Authorization header and JWT audience claim. Also, double-check that your guest token payload doesn't have a numeric `"sub"` claim (it must be a string if present, but for embedding, Superset doesn't require `"sub"` at all) [source](https://github.com/apache/superset/issues/31675). If you can share the latest logs after disabling CSRF and restarting, I can help dig deeper! <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/b3c1bb6a-b665-4c64-98fa-938ca4f5b2b8?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/b3c1bb6a-b665-4c64-98fa-938ca4f5b2b8?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/b3c1bb6a-b665-4c64-98fa-938ca4f5b2b8?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/b3c1bb6a-b665-4c64-98fa-938ca4f5b2b8?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/b3c1bb6a-b665-4c64-98fa-938ca4f5b2b8?feedback_type=hallucination) | [Report š](https://app.dosu.dev/response-feedback/b3c1bb6a-b665-4c64-98fa-938ca4f5b2b8?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/b3c1bb6a-b665-4c64-98fa-938ca4f5b2b8?feedback_type=other)</sup> [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/33886) GitHub link: https://github.com/apache/superset/discussions/33886#discussioncomment-13564783 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
