Vitor-Avila opened a new pull request, #32735: URL: https://github.com/apache/superset/pull/32735
### SUMMARY Some hosting apps might have configurations to automatically set a `referrerPolicy` value for any `iframe` element added, which would affect the `iframe` created by the SDK as it doesn't have a value set. This becomes an issue for more restrictive policies since the validation of allowed domains is done through the `Referrer` header value, and therefore including this header in the request is important. This PR adds a new parameter to the `embedDashboard` function that allows specifying a `referrerPolicy` value. This parameter is optional (to ensure backwards compatibility) and if not provided should respect the hosting app. ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF No UI changes. ### TESTING INSTRUCTIONS 1. Load a dashboard in embedded mode specifying a `refererPolicy` in the `embedDashboard` method. 2. Inspect the browser and validate the `refererPolicy` propagates to the request triggered by the `iframe`. ### ADDITIONAL INFORMATION <!--- Check any relevant boxes with "x" --> <!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue --> - [ ] Has associated issue: - [ ] Required feature flags: - [ ] Changes UI - [ ] Includes DB Migration (follow approval process in [SIP-59](https://github.com/apache/superset/issues/13351)) - [ ] Migration is atomic, supports rollback & is backwards-compatible - [ ] Confirm DB migration upgrade and downgrade tested - [ ] Runtime estimates and downtime expectations provided - [ ] Introduces new feature or API - [ ] Removes existing feature or API -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
