28b845ead4
Adversarial review surfaced six classes of subdirectory-deployment gaps not
covered by the existing TDD scaffold. Each is fixed where it lives, with
pinning tests added beside the change:
Helpers
- navigationUtils: drop `//` from the navigation safety regex so
`openInNewTab('//evil.com')` can no longer open a cross-origin tab
- pathUtils.stripAppRoot: greedy strip so an upstream `/superset/superset/x`
payload survives one strip + react-router basename re-prepend
- RedirectWarning.isAllowedScheme: explicit `//` guard; the `new URL(...)`
catch branch was silently allowing protocol-relative URLs through
- SupersetClientClass.getUrl: implement the runtime appRoot dedupe the
project memory was already documenting. Flips the contract test from
pinning the doubled shape under a misleading name to asserting single-
prefix emission with segment-boundary + bare-root coverage
Frontend literals and sinks
- loggerMiddleware: `/superset/log/` -> `/log/` (matches the live route
after `Superset.route_base = ""`); updated three test fixtures
- DatasetPanel: raw `window.open(explore_url)` -> `openInNewTab` with null guard
- RedirectWarning: raw `window.location.href = targetUrl` -> `redirect()`
so the helpers' validation applies
Backend literals and sinks
- Slice.explore_json_url: `/superset/explore_json` -> `/explore_json`
- Database.sql_url: `/superset/sql/<id>/` (route no longer exists) ->
`/sqllab/?dbid=<id>` (the live SQL Lab deep-link)
- tasks/async_queries.result_url: same `/superset/` strip
- initialization Home menu: hardcoded `href="/superset/welcome/"` ->
`f"{app_root}/welcome/"` so it works under any application_root
FAB list-view raw HTML
- dashboard_link / slice_link render raw `<a href=...>` strings, which do
not receive SCRIPT_NAME at render time. Migrated both to `url_for`
(`Superset.dashboard` / `ExploreView.root`) so subdir deployments emit
single-prefix hrefs. The model properties themselves keep their
router-relative shape for frontend callers using ensureAppRoot
Tests
- test_subdirectory_url_for.py grew from 7 to 11 cases pinning
Slice.explore_json_url, Database.sql_url, dashboard_link, and slice_link
under SCRIPT_NAME=/superset
- 82 helper Jest tests + 71 touched component tests green; pre-commit clean
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Superset
A modern, enterprise-ready business intelligence web application.
Documentation
- User Guide — For analysts and business users. Explore data, build charts, create dashboards, and connect databases.
- Administrator Guide — Install, configure, and operate Superset. Covers security, scaling, and database drivers.
- Developer Guide — Contribute to Superset or build on its REST API and extension framework.
Why Superset? | Supported Databases | Release Notes | Get Involved | Resources | Organizations Using Superset
Why Superset?
Superset is a modern data exploration and data visualization platform. Superset can replace or augment proprietary business intelligence tools for many teams. Superset integrates well with a variety of data sources.
Superset provides:
- A no-code interface for building charts quickly
- A powerful, web-based SQL Editor for advanced querying
- A lightweight semantic layer for quickly defining custom dimensions and metrics
- Out of the box support for nearly any SQL database or data engine
- A wide array of beautiful visualizations to showcase your data, ranging from simple bar charts to geospatial visualizations
- Lightweight, configurable caching layer to help ease database load
- Highly extensible security roles and authentication options
- An API for programmatic customization
- A cloud-native architecture designed from the ground up for scale
Screenshots & Gifs
Video Overview
Large Gallery of Visualizations
Craft Beautiful, Dynamic Dashboards
No-Code Chart Builder
Powerful SQL Editor
Supported Databases
Superset can query data from any SQL-speaking datastore or data engine (Presto, Trino, Athena, and more) that has a Python DB-API driver and a SQLAlchemy dialect.
Here are some of the major database solutions that are supported:
A more comprehensive list of supported databases along with the configuration instructions can be found here.
Want to add support for your datastore or data engine? Read more here about the technical requirements.
Installation and Configuration
Try out Superset's quickstart guide or learn about the options for production deployments.
Get Involved
- Ask and answer questions on StackOverflow using the apache-superset tag
- Join our community's Slack and please read our Slack Community Guidelines
- Join our dev@superset.apache.org Mailing list. To join, simply send an email to dev-subscribe@superset.apache.org
- If you want to help troubleshoot GitHub Issues involving the numerous database drivers that Superset supports, please consider adding your name and the databases you have access to on the Superset Database Familiarity Rolodex
- Join Superset's Town Hall and Operational Model recurring meetings. Meeting info is available on the Superset Community Calendar
Contributor Guide
Interested in contributing? Check out our Developer Guide to find resources around contributing along with a detailed guide on how to set up a development environment.
Resources
- Superset "In the Wild" - see who's using Superset, and add your organization to the list!
- Feature Flags - the status of Superset's Feature Flags.
- Standard Roles - How RBAC permissions map to roles.
- Superset Wiki - Tons of additional community resources: best practices, community content and other information.
- Superset SIPs - The status of Superset's SIPs (Superset Improvement Proposals) for both consensus and implementation status.
Understanding the Superset Points of View
-
Getting Started with Superset
-
Deploying Superset
-
Recordings of Past Superset Community Events
-
Visualizations
Repo Activity
