lindner-tj commented on code in PR #30032: URL: https://github.com/apache/superset/pull/30032#discussion_r1735772260
########## docs/docs/configuration/networking-settings.mdx: ########## @@ -27,6 +28,59 @@ Note that Superset bundles [flask-talisman](https://pypi.org/project/talisman/) Self-descried as a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues. + +## HTML Embedding of Dashboards and Charts + +There are two ways to embed a dashboard: Using the [SDK](https://www.npmjs.com/package/@superset-ui/embedded-sdk) or embedding a direct link. Note that in the latter case everybody who knows the link is able to access the dashboard. + +### Enabling Embedding via the SDK + +Clicking on `...` next to `EDIT DASHBOARD` on the top right of the dashboard's overview page should yield a drop-down menu including the entry "Embed dashboard". + +To enable this entry, add the following line to the `.env` file: + +```text +SUPERSET_FEATURE_EMBEDDED_SUPERSET=true +``` +### Embedding a Public Direct Link to a Dashboard + +This works by first changing the content security policy (CSP) of [flask-talisman](https://github.com/GoogleCloudPlatform/flask-talisman) to allow for certain domans to display Superset content. Then a dashbaord can be made publicly accessible, i.e. **bypassing any authentication mechanism**. Once made public, the dashboard's URL can be added to an iframe in another website's HTML Code. + +#### Changing flask-talisman CSP + +Add to superset_config.py the entire `TALISMAN_CONFIG` section from `config.py` and include a `frame-ancestors` section: +```python +TALISMAN_ENABLED = True +TALISMAN_CONFIG = { + "content_security_policy": { + ... + "frame-ancestors": ["*.my-domain.com", "*.another-domain.com"], + ... +``` +****This becomes active after fully restarting Superset. For Docker this means recreating the container.**** +#### Making a Dashboard Public +1. Add the `'DASHBOARD_RBAC': True` [Feature Flag](https://github.com/apache/superset/blob/master/RESOURCES/FEATURE_FLAGS.md) to `superset_config.py` +2. Add the `Public` role to your dashboard as described [here](https://superset.apache.org/docs/using-superset/creating-your-first-dashboard/#manage-access-to-dashboards) + +#### Embedding a Public Dashboard + +Now anybody can directly access the dashboard's URL. You can embed it in an iframe like so: + +```html +<iframe + width="600" + height="400" + seamless + frameBorder="0" + scrolling="no" + src="https://superset.my-domain.com/superset/dashboard/10/?standalone=1&height=400"; +> +</iframe> +``` +#### Embedding a Chart + +Can be done simply by going to a chart's overview page and then clicking at the top right on `...` > `Share` > `Embed code` Review Comment: It now looks fine. I think the issue is gone now. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
