
CSRF issue while importing dashboard in superset through nodejs API

I am facing the error "flask_wtf.csrf:The CSRF session token is missing." while trying to import a dashboard (with VERSIONED_EXPORT enabled) via a NodeJS POST API call. Below is the same setup that works for all my other Superset API calls:

const config = {
  headers: {
    'X-CSRFToken': await this.getCsrfToken(),
    'Authorization': `Bearer ${await this.getAccessToken()}`
  }
}
axios.get<T>(url, config) //or
axios.post<T>(url, data, config)

For the import dashboard API call, I am using form-data, and it works if I add dashboard import to WTF_CSRF_EXEMPT_LIST, but I want to avoid doing that. However, it doesn't work with any of these approaches I tried:

const formData = new FormData()

// With X-CSRFToken (shown above)
formData.append('formData', fs.createReadStream(filePath))

// With X-CSRFToken & defined file name & length
var stat = fs.statSync(filePath);
formData.append('formData', fs.createReadStream(filePath), {filename: fileName, knownLength: stat.size})

// With X-CSRFToken and/or Referral and/or Content-Type and/or Content-Length
var stat = fs.statSync(filePath);
formData.append('formData', fs.createReadStream(filePath), {filename: fileName, knownLength: stat.size})

const contentLength = formData.getLengthSync()
const config = {
  headers: {
    'X-CSRFToken': await this.getCsrfToken(),
    'Authorization': `Bearer ${await this.getAccessToken()}`,
    'Referrer': url,
    'Content-Type': 'multipart/form-data',
    'Content-Length': contentLength
  }
}

// With X-XSRF-TOKEN
const config = {
  headers: {
    'X-XSRF-TOKEN': await this.getCsrfToken(),
    'Authorization': `Bearer ${await this.getAccessToken()}`
  }
}
formData.append('formData', fs.createReadStream(filePath))



await post(url, formData, config)

I suspect it could be caused by form-data, which can't handle CSRF token headers, as I am able to import the dashboard on Postman:

Headers: {
  Authorization: 'Bearer {token}',
  X-CSRFToken: {csrfToken}
}
form-data: {
  formData: {uploadedFile}
}

I am open to suggestions on how I can import a dashboard without using form-data in Node.

Moon Is Cool asked Dec 05 '25 02:12


1 Answer

This is a common problem with CSRF tokens. See related post.

In Superset's case you need to get not only the CSRF token but also the session cookie. The session cookie looks like this:

session=eyJjc3JmX3Rva2VuIjoiMGYwMzRiNzgyMzIyMDgwNTM5M2Y4YzdjODYyZmIzZGMyMGJlYjAwZiJ9.Ykb6sQ.PSJYvZBxYK7nEMzK3smE4WUSVEY;

You need to add this session info to the Cookie header of your client and it will work.

xneg answered Dec 07 '25 16:12
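
The check the answer describes, as an added example (not part of the original answer or of Superset's code): Flask-WTF raises "The CSRF session token is missing" when the request's session carries no csrf_token, so the client has to send back the session cookie that was issued together with the token. The function names are hypothetical, the Set-Cookie attributes are constructed, and default cookie-based Flask sessions are assumed.

```javascript
// Added example. Node.js, no dependencies. Function names are hypothetical.

// Pull the `session=<value>` pair out of the Set-Cookie headers of the
// response that issued the CSRF token.
function sessionCookieFrom(setCookieHeaders) {
  for (const header of setCookieHeaders || []) {
    const pair = header.split(';')[0].trim();
    if (pair.startsWith('session=')) return pair;
  }
  return null;
}

// Diagnostic only: read the payload of a Flask session cookie
// (payload.timestamp.signature). The signature is NOT verified here.
function decodeFlaskSession(cookiePair) {
  const value = cookiePair.replace(/^session=/, '');
  if (value.startsWith('.')) {
    throw new Error('compressed session payload, not handled in this example');
  }
  const b64 = value.split('.')[0].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Build the headers for the import call. Fails early when the session cookie
// is absent or holds no csrf_token, which is the state the server reports as
// "The CSRF session token is missing".
function buildImportHeaders({ accessToken, csrfToken, setCookieHeaders }) {
  const session = sessionCookieFrom(setCookieHeaders);
  if (!session) throw new Error('no session cookie in CSRF token response');
  if (!decodeFlaskSession(session).csrf_token) {
    throw new Error('session cookie has no csrf_token');
  }
  return {
    Authorization: `Bearer ${accessToken}`,
    'X-CSRFToken': csrfToken,
    Cookie: session,
  };
}

// Constructed sample: the cookie value shown in the answer, wrapped in
// made-up Set-Cookie attributes.
const SAMPLE_SET_COOKIE = [
  'session=eyJjc3JmX3Rva2VuIjoiMGYwMzRiNzgyMzIyMDgwNTM5M2Y4YzdjODYyZmIzZGMyMGJlYjAwZiJ9.Ykb6sQ.PSJYvZBxYK7nEMzK3smE4WUSVEY; HttpOnly; Path=/',
];
```

With the form-data package, merge the result with formData.getHeaders() so the multipart boundary is sent along with the Cookie and X-CSRFToken headers.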


