dosubot[bot] commented on issue #34813: URL: https://github.com/apache/superset/issues/34813#issuecomment-3213641472
<!-- Greeting --> Hi @jjggddb! I'm [Dosu](https://go.dosu.dev/dosubot) and I’m helping the superset team. <!-- Answer --> The 404 errors from `/api/v1/dataset/<id>` and `/api/v1/chart/<id>` in embedded dashboards mean the dataset or chart either doesn't exist or isn't accessible to the current user/guest token—this is enforced at the API and DAO level, and Superset never masks permission errors as 404s[^1][^2][^3]. Double-check that the IDs are correct and that the guest token or user has access to the specific resources. In DrillByMenuItems, make sure the datasource ID is parsed correctly from `formData.datasource`—if this is malformed, you'll get a 404[^4]. For the 403 error on `/api/v1/chart/data`, this usually means a permissions issue. In embedded mode, make sure the guest token is valid, not expired, and includes the correct dashboard/chart in its resources. Also, the `dashboardId` must be present in all `form_data` sent to the backend; missing this will cause a 403 even if other permissions are granted[^5][^6]. Check for CORS issues and any Row Level Security (RLS) rules that might block access[^7][^8]. Feature flags like `EMBEDDED_SUPERSET`, `DrillBy`, and `DrillToDetail` must be enabled for these features to work; if they're off, related endpoints may return 404[^9]. The frontend components (ChartContextMenu, DrillByMenuItems, DrillDetailMenuItems, SliceHeaderControls) only enable drill actions if the user has the right permissions and the feature flags are set[^10][^11][^12]. **Checklist for 404s:** - Confirm the dataset/chart exists and the ID is correct - Make sure the guest token or user has access to the resource - Check that feature flags are enabled - Ensure the datasource ID is parsed correctly in the frontend **Checklist for 403s:** - Guest token is valid, not expired, and includes the dashboard/chart - `dashboardId` is included in all `form_data` - No misconfigured RLS rules or CORS issues - All required permissions are granted to the guest/visitor role [^1]: [superset/datasets/api.py](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/datasets/api.py) [^2]: [superset/charts/api.py](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/charts/api.py) [^3]: [superset/security/manager.py](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/security/manager.py) [^4]: [DrillByMenuItems.tsx](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset-frontend/src/components/Chart/DrillBy/DrillByMenuItems.tsx) [^5]: [GitHub Issue 32552](https://github.com/apache/superset/issues/32552) [^6]: [GitHub Issue 33902](https://github.com/apache/superset/issues/33902) [^7]: [GitHub Issue 32869](https://github.com/apache/superset/issues/32869) [^8]: [GitHub Discussion 33912](https://github.com/apache/superset/discussions/33912) [^9]: [superset/views/base_api.py](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset/views/base_api.py) [^10]: [ChartContextMenu.tsx](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset-frontend/src/components/Chart/ChartContextMenu/ChartContextMenu.tsx) [^11]: [DrillDetailMenuItems.tsx](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset-frontend/src/components/Chart/DrillDetail/DrillDetailMenuItems.tsx) [^12]: [SliceHeaderControls/index.tsx](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset-frontend/src/dashboard/components/SliceHeaderControls/index.tsx) <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/fd0c5ac6-5acb-4184-a34d-693872e1df1d?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/fd0c5ac6-5acb-4184-a34d-693872e1df1d?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/fd0c5ac6-5acb-4184-a34d-693872e1df1d?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/fd0c5ac6-5acb-4184-a34d-693872e1df1d?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/fd0c5ac6-5acb-4184-a34d-693872e1df1d?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/fd0c5ac6-5acb-4184-a34d-693872e1df1d?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/fd0c5ac6-5acb-4184-a34d-693872e1df1d?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=githu b) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/issues/34813) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
