Merge pull request #356 from DalgoT4D/embed-token-fix

fix - guest_token api request requires cookies to be set
DalgoT4D · Nov 8, 2023 · 2a37d89 · 2a37d89
2 parents ef1b834 + 30aaa32
commit 2a37d89
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/ddpui/api/client/superset_api.py b/ddpui/api/client/superset_api.py
@@ -95,12 +95,15 @@ def post_fetch_embed_token(request, dashboard_uuid):  # pylint: disable=unused-a
         raise HttpError(500, "couldn't connect to superset")
 
     # Hit the superset endpoint /api/v1/security/csrf_token
+    cookies = None
     try:
         response = requests.get(
             f"{os.getenv('SUPERSET_USAGE_DASHBOARD_API_URL')}/security/csrf_token",
             headers={"Authorization": f"Bearer {access_token}"},  # skipcq: PTC-W1006
             timeout=10,
         )
+        if "Set-Cookie" in response.headers:
+            cookies = response.headers["Set-Cookie"]
         response.raise_for_status()
         csrf_token = response.json()["result"]
 
@@ -128,15 +131,18 @@ def post_fetch_embed_token(request, dashboard_uuid):  # pylint: disable=unused-a
             headers={
                 "Authorization": f"Bearer {access_token}",
                 "X-CSRFToken": csrf_token,
+                "Content-Type": "application/json",
+                "Referer": f"{os.getenv('SUPERSET_USAGE_DASHBOARD_API_URL')}",
             },  # skipcq: PTC-W1006
+            cookies={"session": cookies.split("=")[1]},
             timeout=10,
         )
         response.raise_for_status()
         embed_token = response.json()["token"]
 
     except requests.exceptions.RequestException as err:
         logger.error(
-            "Something went wrong trying to fetch the csrf token from superset usage dashboard domain : %s",
+            "Something went wrong trying to fetch the guest/embed token from superset usage dashboard domain : %s",
             str(err),
         )
         # pylint:disable=raise-missing-from