400 Bad Request: The CSRF session token is missing.

[devyash786]

400 Bad Request: The CSRF session token is missing., How to resolve this

[dosubot[bot]]

To resolve the "400 Bad Request: The CSRF session token is missing" error in Apache Superset, ensure the following:

1. Headers Configuration: Make sure that all required headers are present, including the CSRF token and the Referer header. The Referer header must be properly set for HTTPS requests.

2. CSRF Token Implementation: Verify that the CSRF token is being correctly fetched from /api/v1/security/csrf_token/ and ensure that the token is properly included in the request headers ^[1].

Additionally, there are similar threads discussing this issue. One suggested solution is to adjust the session cookie settings in superset/config.py:

• Set SESSION_COOKIE_SAMESITE = None to address the CSRF token issue when embedding Superset in an iframe.
• If using HTTPS, ensure SESSION_COOKIE_SAMESITE = "None" and SESSION_COOKIE_SECURE = True.
• If not using HTTPS, set SESSION_COOKIE_SAMESITE = None, SESSION_COOKIE_SECURE = False, and SESSION_COOKIE_HTTPONLY = False ^[2].

To continue talking to Dosu, mention @dosu.

---

^{Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Bug Report | Other}