QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-05-22 08:15:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(embedded-e2e): address round-2 review findings

Browse Source 
- Gate chromium-embedded project on INCLUDE_EMBEDDED env var; set only in
  superset-playwright.yml (shadow mode) so it never runs in required E2E
- Add embedded test step to experimental workflow alongside experimental step
- Remove SUPERSET_FEATURE_EMBEDDED_SUPERSET from required workflow (no longer needed)
- Remove dead CORS_OPTIONS from superset_test_config (helpers bypass CORS via page.request)
- Log teardown errors in afterAll instead of swallowing with bare catch {}
- Wrap allowed_domains restore in its own try/catch so it can't mask assertion failures
- Gate TALISMAN_ENABLED + PUBLIC_ROLE_LIKE in docker_light behind SUPERSET_FEATURE_EMBEDDED_SUPERSET
- Add failOnStatusCode:true to guest_token request so silent 4xx surfaces immediately
- Remove dead window.__guestToken fallback branch from embedded test app

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Joe Li
2026-05-14 10:36:48 -07:00
parent 12d2d67a65
commit 6e3b668735
8 changed files with 57 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
docker/pythonpath_dev/superset_config_docker_light.py
View File

@@ -53,16 +53,17 @@ FEATURE_FLAGS = {
},
}
# Disable Talisman so /embedded/<uuid> doesn't return X-Frame-Options:SAMEORIGIN.
# Without this, browsers refuse to render Superset inside an iframe from a
# different origin (i.e. the embedded SDK use case). Production/CI configures
# Talisman with explicit `frame-ancestors`; for the lightweight local stack we
# just turn it off.
TALISMAN_ENABLED = False
if os.environ.get("SUPERSET_FEATURE_EMBEDDED_SUPERSET", "").strip().lower() == "true":
# Disable Talisman so /embedded/<uuid> doesn't return X-Frame-Options:SAMEORIGIN.
# Without this, browsers refuse to render Superset inside an iframe from a
# different origin (i.e. the embedded SDK use case). Production/CI configures
# Talisman with explicit `frame-ancestors`; for the lightweight local stack we
# just turn it off.
TALISMAN_ENABLED = False
# Guest tokens (used by the embedded SDK) inherit the "Public" role's perms.
# Out of the box Public has zero perms, so embedded dashboards immediately fail
# their first call (`/api/v1/me/roles/`) with 403. Mirror Public to Gamma —
# the standard read-only viewer role — so the embedded flow can authenticate
# and load dashboard data in local dev.
PUBLIC_ROLE_LIKE = "Gamma"
# Guest tokens (used by the embedded SDK) inherit the "Public" role's perms.
# Out of the box Public has zero perms, so embedded dashboards immediately fail
# their first call (`/api/v1/me/roles/`) with 403. Mirror Public to Gamma —
# the standard read-only viewer role — so the embedded flow can authenticate
# and load dashboard data in local dev.
PUBLIC_ROLE_LIKE = "Gamma"