-
Notifications
You must be signed in to change notification settings - Fork 13.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Markdown with iframe (Echart type - Big Number ) error: "Unexpected token < in JSON at position 0" #18150
Comments
Hello @gndsnts which Superset version are you running? |
Related or duplicate of #18126 |
Hi, something similar happens to me. 1- When I embed a public dashboard with "echarts" and "legacy charts" only "echarts" works making requests to |
Related or duplicate of #17436 |
In my case, I solved it by adding WTF_CSRF_ENABLED = False to superset_config.py It allowed me to show Legacy Charts. |
It worked!!! Thanks!! However, I believe that it is not a good option to disable this CSRF protection. I would like to know if there are other options. There is someone that can help me? |
That's exactly right, legacy charts use an older data endpoint that wasn't added to the CSRF excempt list.
Also correct, disabling CSRF protection can open you up to XSS vulnerabilities. We ran into the same problem independently, and just merged a PR that changes the CSRF exempt list, here: https://github.com/apache/superset/pull/17530/files#diff-c99ae4b2b09b756ab2189a99a9685229f9d12633fc2616c368ea869770f603bfR202. The endpoint is safe to make exempt from CSRF, because although it is a I believe that commit should solve this issue, and the other related ones. |
Thanks to everyone for the help. |
Hey,
I'm trying to create simple html page, that use iframe with link from superset.
In this dashboard , there are 2 echarts:
1 Timeseries - MarkDown element with iframe
1 Big Number -Markdown Element with iframe
Print from superset:
Print from my created page, that contain a iframe with url dashboard:
I don't know how this happen, one iframe work's and the other have the error: "Unexpected token < in JSON at position 0"
In devtools from chrome, i have this result:
At the moment in file config.py, I have wtf_crsf_enable = true(default), and use this cors configuration:
CORS Options
ENABLE_CORS = True
CORS_OPTIONS: Dict[Any, Any] = {}
#I add my domain to list SUPERSET_WEBSERVER_DOMAINS, example:
SUPERSET_WEBSERVER_DOMAINS = {"domain1","domain2","domain3"}
My config.py: config.py.txt
I think this is the most important changes that I did, but it's not enought... if any one can help me, I would appreciate it
Best regards
The text was updated successfully, but these errors were encountered: