bug when updating chart /api/v1/chart/{pk} #29960

Open
3 tasks done
lsfc02 opened this issue Aug 16, 2024 · 2 comments
Labels
api:charts Related to the REST endpoints of charts

Comments


lsfc02 commented Aug 16, 2024

Bug description

Even when passing the correct parameters, it still asks for a CSRF token; this looks like a bug.

How to reproduce the bug

"errors": [
  {
    "message": "400 Bad Request: The CSRF token is missing.",
    "error_type": "GENERIC_BACKEND_ERROR",
    "level": "error",
    "extra": {
      "issue_codes": [
        {
          "code": 1011,
          "message": "Issue 1011 - Superset encountered an unexpected error.

Screenshots/recordings

No response

Superset version

4.0.2

Python version

3.9

Node version

16

Browser

Chrome

Additional context

No response

Checklist

  • I have searched Superset docs and Slack and didn't find a solution to my problem.
  • I have searched the GitHub issue tracker and didn't find a similar bug report.
  • I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.

dosubot bot added the api:charts (Related to the REST endpoints of charts) label Aug 16, 2024

dosubot bot commented Aug 16, 2024

@lsfc02 Hello! I'm here to assist you with any bugs, questions, or contributions. Let me know how I can help while we wait for a human maintainer.

To resolve the CSRF token error when updating a chart via the /api/v1/chart/{pk} endpoint in Superset version 4.0.2, you need to include a valid CSRF token in your request. You can obtain the CSRF token from the api/v1/security/csrf_token/ endpoint.

Here is an example of how you can include the CSRF token in your request using Python and the requests library:

import requests

# URL to fetch the CSRF token
csrf_token_url = 'http://your-superset-instance/api/v1/security/csrf_token/'
# URL to update the chart (replace {pk} with the chart's primary key)
update_chart_url = 'http://your-superset-instance/api/v1/chart/{pk}'

# A session keeps the cookie set by the CSRF endpoint and replays it on the PUT
session = requests.Session()
# The CSRF endpoint is protected, so the session must be authenticated first
# (placeholder value: replace with an access token for your user)
session.headers['Authorization'] = 'Bearer <your-access-token>'

# Fetch the CSRF token
response = session.get(csrf_token_url)
response.raise_for_status()
csrf_token = response.json()['result']

# Data to update the chart
data = {
    # your chart update data here
}

# Headers including the CSRF token
headers = {
    'Content-Type': 'application/json',
    'X-CSRFToken': csrf_token
}

# Make the request to update the chart (same session, so the same cookies)
response = session.put(update_chart_url, json=data, headers=headers)

# Check the response
if response.status_code == 200:
    print('Chart updated successfully')
else:
    print('Failed to update chart:', response.text)

Make sure to replace http://your-superset-instance with the actual URL of your Superset instance and {pk} with the primary key of the chart you want to update.

The CSRF token endpoint is protected and requires proper permissions, as indicated in the superset/security/api.py file. Ensure that your user has the necessary permissions to access this endpoint.

Additionally, the ChartRestApi class in superset/charts/api.py includes the @protect() decorator on the put method, which ensures that CSRF protection is enforced. This means that including the CSRF token in your request headers is mandatory for successful updates [1][2][3][4].

To continue talking to Dosu, mention @dosu.
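
The full sequence (log in, fetch the CSRF token, send the PUT) with one cookie jar shared across all three requests, written with the standard library only. This is an added example, not part of the thread or of Superset's code, and it goes beyond the reply's snippet by including the login step. The `/api/v1/security/login` endpoint and its payload, the base URL and the credentials are assumptions not shown in the thread.

```python
import json
from http.cookiejar import CookieJar
from urllib.request import HTTPCookieProcessor, Request, build_opener


def api_request(method, url, token=None, csrf=None, body=None):
    """Build one request; auth and CSRF headers are added only when supplied."""
    headers = {"Accept": "application/json"}
    if token:  # bearer token returned by the login step (assumed JWT auth)
        headers["Authorization"] = f"Bearer {token}"
    if csrf:  # header name as used in the reply above
        headers["X-CSRFToken"] = csrf
    data = None
    if body is not None:
        data = json.dumps(body).encode()
        headers["Content-Type"] = "application/json"
    return Request(url, data=data, headers=headers, method=method)


def login_request(base, username, password):
    # Assumed login endpoint and payload; "db" selects database authentication.
    creds = {"username": username, "password": password,
             "provider": "db", "refresh": True}
    return api_request("POST", f"{base}/api/v1/security/login", body=creds)


def csrf_request(base, token):
    return api_request("GET", f"{base}/api/v1/security/csrf_token/", token=token)


def chart_put_request(base, pk, payload, token, csrf):
    return api_request("PUT", f"{base}/api/v1/chart/{pk}", token, csrf, payload)


def update_chart(base, pk, payload, username, password):
    # One opener means one cookie jar: the session cookie set while fetching
    # the CSRF token is sent back with the PUT, so the token and the session
    # it was issued for arrive together.
    opener = build_opener(HTTPCookieProcessor(CookieJar()))

    def call(req):
        with opener.open(req, timeout=10) as resp:
            return json.load(resp)

    token = call(login_request(base, username, password))["access_token"]
    csrf = call(csrf_request(base, token))["result"]
    return call(chart_put_request(base, pk, payload, token, csrf))
```

On a rejected request `opener.open` raises `urllib.error.HTTPError`; reading its body gives the `errors` JSON shown in the report.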

mistercrunch (Member) commented

related: #19525
