<!doctype html>
<html lang="en" dir="ltr" class="docs-wrapper plugin-docs plugin-id-default docs-version-current docs-doc-page docs-doc-id-configuration/networking-settings" data-has-hydrated="false">
<head>
<meta charset="UTF-8">
<meta name="generator" content="Docusaurus v3.8.1">
<title data-rh="true">Network and Security Settings | Superset</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://superset.apache.org/docs/configuration/networking-settings"><meta data-rh="true" property="og:locale" content="en"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Network and Security Settings | Superset"><meta data-rh="true" name="description" content="CORS"><meta data-rh="true" property="og:description" content="CORS"><link data-rh="true" rel="icon" href="/img/favicon.ico"><link data-rh="true" rel="canonical" href="https://superset.apache.org/docs/configuration/networking-settings"><link data-rh="true" rel="alternate" href="https://superset.apache.org/docs/configuration/networking-settings" hreflang="en"><link data-rh="true" rel="alternate" href="https://superset.apache.org/docs/configuration/networking-settings" hreflang="x-default"><link data-rh="true" rel="preconnect" href="https://WR5FASX5ED-dsn.algolia.net" crossorigin="anonymous"><script data-rh="true" type="application/ld+json">{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Network and Security Settings","item":"https://superset.apache.org/docs/configuration/networking-settings"}]}</script><link rel="search" type="application/opensearchdescription+xml" title="Superset" href="/opensearch.xml">
<script src="/script/matomo.js"></script>
<script src="https://widget.kapa.ai/kapa-widget.bundle.js" async data-website-id="c6a8a8b8-3127-48f9-97a7-51e9e10d20d0" data-project-name="Apache Superset" data-project-color="#FFFFFF" data-project-logo="https://images.seeklogo.com/logo-png/50/2/superset-icon-logo-png_seeklogo-500354.png" data-modal-override-open-id="ask-ai-input" data-modal-override-open-class="search-input" data-modal-disclaimer="This is a custom LLM for Apache Superset with access to all [documentation](superset.apache.org/docs/intro/), [GitHub Open Issues, PRs and READMEs](github.com/apache/superset).&amp;#10;&amp;#10;Companies deploy assistants like this ([built by kapa.ai](https://kapa.ai)) on docs via [website widget](https://docs.kapa.ai/integrations/website-widget) (Docker, Reddit), in [support forms](https://docs.kapa.ai/integrations/support-form-deflector) for ticket deflection (Monday.com, Mapbox), or as [Slack bots](https://docs.kapa.ai/integrations/slack-bot) with private sources." data-modal-example-questions="How do I install Superset?,How can I contribute to Superset?" data-button-text-color="rgb(81,166,197)" data-modal-header-bg-color="#ffffff" data-modal-title-color="rgb(81,166,197)" data-modal-title="Apache Superset AI" data-modal-disclaimer-text-color="#000000" data-consent-required="true" data-consent-screen-disclaimer="By clicking &quot;I agree, let&#39;s chat&quot;, you consent to the use of the AI assistant in accordance with kapa.ai&#39;s [Privacy Policy](https://www.kapa.ai/content/privacy-policy). This service uses reCAPTCHA, which requires your consent to Google&#39;s [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms). By proceeding, you explicitly agree to both kapa.ai&#39;s and Google&#39;s privacy policies."></script><link rel="stylesheet" href="/assets/css/styles.24c84e32.css">
<script src="/assets/js/runtime~main.1cdd4cdb.js" defer="defer"></script>
<script src="/assets/js/main.cfd6fe60.js" defer="defer"></script>
</head>
<body class="navigation-with-keyboard">
<svg xmlns="http://www.w3.org/2000/svg" style="display: none;"><defs>
<symbol id="theme-svg-external-link" viewBox="0 0 24 24"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"/></symbol>
</defs></svg>
<script>!function(){var t=function(){try{return new URLSearchParams(window.location.search).get("docusaurus-theme")}catch(t){}}()||function(){try{return window.localStorage.getItem("theme")}catch(t){}}();document.documentElement.setAttribute("data-theme",t||(window.matchMedia("(prefers-color-scheme: dark)").matches?"dark":"light")),document.documentElement.setAttribute("data-theme-choice",t||"system")}(),function(){try{const c=new URLSearchParams(window.location.search).entries();for(var[t,e]of c)if(t.startsWith("docusaurus-data-")){var a=t.replace("docusaurus-data-","data-");document.documentElement.setAttribute(a,e)}}catch(t){}}()</script><div id="__docusaurus"><div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><nav aria-label="Main" class="theme-layout-navbar navbar navbar--fixed-top"><div class="navbar__inner"><div class="theme-layout-navbar-left navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a class="navbar__brand" href="/"><div class="navbar__logo"><img src="/img/superset-logo-horiz.svg" alt="Superset Logo" class="themedComponent_mlkZ themedComponent--light_NVdE"><img src="/img/superset-logo-horiz-dark.svg" alt="Superset Logo" class="themedComponent_mlkZ themedComponent--dark_xIcU"></div></a><div class="navbar__item dropdown dropdown--hoverable"><a class="navbar__link" aria-haspopup="true" aria-expanded="false" role="button" href="/docs/intro">Documentation</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/docs/intro">Getting Started</a></li><li><a class="dropdown__link" href="/docs/faq">FAQ</a></li></ul></div><div class="navbar__item dropdown 
dropdown--hoverable"><a class="navbar__link" aria-haspopup="true" aria-expanded="false" role="button" href="/community">Community</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/community">Resources</a></li><li><a href="https://github.com/apache/superset" target="_blank" rel="noopener noreferrer" class="dropdown__link">GitHub<svg width="12" height="12" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li><a href="http://bit.ly/join-superset-slack" target="_blank" rel="noopener noreferrer" class="dropdown__link">Slack<svg width="12" height="12" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li><a href="https://lists.apache.org/list.html?dev@superset.apache.org" target="_blank" rel="noopener noreferrer" class="dropdown__link">Mailing List<svg width="12" height="12" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li><a href="https://stackoverflow.com/questions/tagged/apache-superset" target="_blank" rel="noopener noreferrer" class="dropdown__link">Stack Overflow<svg width="12" height="12" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li></ul></div></div><div class="theme-layout-navbar-right navbar__items navbar__items--right"><a class="navbar__item navbar__link default-button-theme get-started-button" href="/docs/intro">Get Started</a><a href="https://github.com/apache/superset" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link github-button"></a><div class="toggle_vylO colorModeToggle_DEke"><button class="clean-btn toggleButton_gllP toggleButtonDisabled_aARS" type="button" disabled="" title="system mode" aria-label="Switch between dark and light mode (currently system mode)"><svg viewBox="0 0 24 24" width="24" height="24" aria-hidden="true" class="toggleIcon_g3eP lightToggleIcon_pyhR"><path 
fill="currentColor" d="M12,9c1.65,0,3,1.35,3,3s-1.35,3-3,3s-3-1.35-3-3S10.35,9,12,9 M12,7c-2.76,0-5,2.24-5,5s2.24,5,5,5s5-2.24,5-5 S14.76,7,12,7L12,7z M2,13l2,0c0.55,0,1-0.45,1-1s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S1.45,13,2,13z M20,13l2,0c0.55,0,1-0.45,1-1 s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S19.45,13,20,13z M11,2v2c0,0.55,0.45,1,1,1s1-0.45,1-1V2c0-0.55-0.45-1-1-1S11,1.45,11,2z M11,20v2c0,0.55,0.45,1,1,1s1-0.45,1-1v-2c0-0.55-0.45-1-1-1C11.45,19,11,19.45,11,20z M5.99,4.58c-0.39-0.39-1.03-0.39-1.41,0 c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0s0.39-1.03,0-1.41L5.99,4.58z M18.36,16.95 c-0.39-0.39-1.03-0.39-1.41,0c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0c0.39-0.39,0.39-1.03,0-1.41 L18.36,16.95z M19.42,5.99c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06c-0.39,0.39-0.39,1.03,0,1.41 s1.03,0.39,1.41,0L19.42,5.99z M7.05,18.36c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06 c-0.39,0.39-0.39,1.03,0,1.41s1.03,0.39,1.41,0L7.05,18.36z"></path></svg><svg viewBox="0 0 24 24" width="24" height="24" aria-hidden="true" class="toggleIcon_g3eP darkToggleIcon_wfgR"><path fill="currentColor" d="M9.37,5.51C9.19,6.15,9.1,6.82,9.1,7.5c0,4.08,3.32,7.4,7.4,7.4c0.68,0,1.35-0.09,1.99-0.27C17.45,17.19,14.93,19,12,19 c-3.86,0-7-3.14-7-7C5,9.07,6.81,6.55,9.37,5.51z M12,3c-4.97,0-9,4.03-9,9s4.03,9,9,9s9-4.03,9-9c0-0.46-0.04-0.92-0.1-1.36 c-0.98,1.37-2.58,2.26-4.4,2.26c-2.98,0-5.4-2.42-5.4-5.4c0-1.81,0.89-3.42,2.26-4.4C12.92,3.04,12.46,3,12,3L12,3z"></path></svg><svg viewBox="0 0 24 24" width="24" height="24" aria-hidden="true" class="toggleIcon_g3eP systemToggleIcon_QzmC"><path fill="currentColor" d="m12 21c4.971 0 9-4.029 9-9s-4.029-9-9-9-9 4.029-9 9 4.029 9 9 9zm4.95-13.95c1.313 1.313 2.05 3.093 2.05 4.95s-0.738 3.637-2.05 4.95c-1.313 1.313-3.093 2.05-4.95 2.05v-14c1.857 0 3.637 0.737 4.95 2.05z"></path></svg></button></div><div class="navbarSearchContainer_Bca1"><button type="button" class="DocSearch 
DocSearch-Button" aria-label="Search (Command+K)"><span class="DocSearch-Button-Container"><svg width="20" height="20" class="DocSearch-Search-Icon" viewBox="0 0 20 20" aria-hidden="true"><path d="M14.386 14.386l4.0877 4.0877-4.0877-4.0877c-2.9418 2.9419-7.7115 2.9419-10.6533 0-2.9419-2.9418-2.9419-7.7115 0-10.6533 2.9418-2.9419 7.7115-2.9419 10.6533 0 2.9419 2.9418 2.9419 7.7115 0 10.6533z" stroke="currentColor" fill="none" fill-rule="evenodd" stroke-linecap="round" stroke-linejoin="round"></path></svg><span class="DocSearch-Button-Placeholder">Search</span></span><span class="DocSearch-Button-Keys"></span></button></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="theme-layout-main main-wrapper mainWrapper_z2l0"><div class="docsWrapper_hBAB"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docRoot_UBD9"><aside class="theme-doc-sidebar-container docSidebarContainer_YfHR"><div class="sidebarViewport_aRkj"><div class="sidebar_njMd"><nav aria-label="Docs sidebar" class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/intro">Introduction</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/quickstart">Quickstart</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" role="button" aria-expanded="false" href="/docs/installation/architecture">Installation</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div 
class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret menu__link--active" role="button" aria-expanded="true" href="/docs/configuration/configuring-superset">Configuration</a></div><ul class="menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/configuration/configuring-superset">Configuring Superset</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/configuration/databases">Connecting to Databases</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/configuration/alerts-reports">Alerts and Reports</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/configuration/cache">Caching</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/configuration/async-queries-celery">Async Queries via Celery</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/configuration/sql-templating">SQL Templating</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/configuration/timezones">Timezones</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/docs/configuration/networking-settings">Network and Security Settings</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" 
href="/docs/configuration/event-logging">Event Logging</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/configuration/country-map-tools">Country Map Tools</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/configuration/importing-exporting-datasources">Importing and Exporting Datasources</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/configuration/map-tiles">Map Tiles</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/configuration/theming">Theming</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" role="button" aria-expanded="false" href="/docs/using-superset/creating-your-first-dashboard">Using Superset</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" role="button" aria-expanded="false" href="/docs/contributing/">Contributing</a></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--sublist-caret" role="button" aria-expanded="false" href="/docs/security/">Security</a></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" 
href="/docs/faq">FAQ</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/api">API</a></li></ul></nav><button type="button" title="Collapse sidebar" aria-label="Collapse sidebar" class="button button--secondary button--outline collapseSidebarButton_PEFL"><svg width="20" height="20" aria-hidden="true" class="collapseSidebarButtonIcon_kv0_"><g fill="#7a7a7a"><path d="M9.992 10.023c0 .2-.062.399-.172.547l-4.996 7.492a.982.982 0 01-.828.454H1c-.55 0-1-.453-1-1 0-.2.059-.403.168-.551l4.629-6.942L.168 3.078A.939.939 0 010 2.528c0-.548.45-.997 1-.997h2.996c.352 0 .649.18.828.45L9.82 9.472c.11.148.172.347.172.55zm0 0"></path><path d="M19.98 10.023c0 .2-.058.399-.168.547l-4.996 7.492a.987.987 0 01-.828.454h-3c-.547 0-.996-.453-.996-1 0-.2.059-.403.168-.551l4.625-6.942-4.625-6.945a.939.939 0 01-.168-.55 1 1 0 01.996-.997h3c.348 0 .649.18.828.45l4.996 7.492c.11.148.168.347.168.55zm0 0"></path></g></svg></button></div></div></aside><main class="docMainContainer_TBSr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_YNFT"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><span class="breadcrumbs__link">Configuration</span></li><li class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link">Network and Security Settings</span></li></ul></nav><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button 
type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><header><h1>Network and Security Settings</h1></header>
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="cors">CORS<a href="#cors" class="hash-link" aria-label="Direct link to CORS" title="Direct link to CORS"></a></h2>
<div class="theme-admonition theme-admonition-note admonition_xJq3 alert alert--secondary"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 14 16"><path fill-rule="evenodd" d="M6.3 5.69a.942.942 0 0 1-.28-.7c0-.28.09-.52.28-.7.19-.18.42-.28.7-.28.28 0 .52.09.7.28.18.19.28.42.28.7 0 .28-.09.52-.28.7a1 1 0 0 1-.7.3c-.28 0-.52-.11-.7-.3zM8 7.99c-.02-.25-.11-.48-.31-.69-.2-.19-.42-.3-.69-.31H6c-.27.02-.48.13-.69.31-.2.2-.3.44-.31.69h1v3c.02.27.11.5.31.69.2.2.42.31.69.31h1c.27 0 .48-.11.69-.31.2-.19.3-.42.31-.69H8V7.98v.01zM7 2.3c-3.14 0-5.7 2.54-5.7 5.68 0 3.14 2.56 5.7 5.7 5.7s5.7-2.55 5.7-5.7c0-3.15-2.56-5.69-5.7-5.69v.01zM7 .98c3.86 0 7 3.14 7 7s-3.14 7-7 7-7-3.12-7-7 3.14-7 7-7z"></path></svg></span>note</div><div class="admonitionContent_BuS1"><p>In Superset versions prior to <code>5.x</code> you have to install <code>flask-cors</code> with <code>pip install flask-cors</code> to enable CORS support.</p></div></div>
<p>The following keys in <code>superset_config.py</code> can be specified to configure CORS:</p>
<ul>
<li><code>ENABLE_CORS</code>: Must be set to <code>True</code> in order to enable CORS</li>
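<li><code>CORS_OPTIONS</code>: options passed to Flask-CORS
(<a href="https://flask-cors.readthedocs.io/en/latest/api.html#extension" target="_blank" rel="noopener noreferrer">documentation</a>). Set its <code>origins</code> option to the specific sites that need cross-origin access rather than allowing every origin.</li>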
</ul>
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="http-headers">HTTP headers<a href="#http-headers" class="hash-link" aria-label="Direct link to HTTP headers" title="Direct link to HTTP headers"></a></h2>
<p>Note that Superset bundles <a href="https://github.com/GoogleCloudPlatform/flask-talisman" target="_blank" rel="noopener noreferrer">flask-talisman</a>,
self-described as a small Flask extension that handles setting HTTP headers that can help
protect against a few common web application security issues.</p>
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="html-embedding-of-dashboards-and-charts">HTML Embedding of Dashboards and Charts<a href="#html-embedding-of-dashboards-and-charts" class="hash-link" aria-label="Direct link to HTML Embedding of Dashboards and Charts" title="Direct link to HTML Embedding of Dashboards and Charts"></a></h2>
<p>There are two ways to embed a dashboard: Using the <a href="https://www.npmjs.com/package/@superset-ui/embedded-sdk" target="_blank" rel="noopener noreferrer">SDK</a> or embedding a direct link. Note that in the latter case everybody who knows the link is able to access the dashboard.</p>
<h3 class="anchor anchorWithStickyNavbar_LWe7" id="embedding-a-public-direct-link-to-a-dashboard">Embedding a Public Direct Link to a Dashboard<a href="#embedding-a-public-direct-link-to-a-dashboard" class="hash-link" aria-label="Direct link to Embedding a Public Direct Link to a Dashboard" title="Direct link to Embedding a Public Direct Link to a Dashboard"></a></h3>
<p>This works by first changing the content security policy (CSP) of <a href="https://github.com/GoogleCloudPlatform/flask-talisman" target="_blank" rel="noopener noreferrer">flask-talisman</a> to allow for certain domains to display Superset content. Then a dashboard can be made publicly accessible, i.e. <strong>bypassing authentication</strong>. Once made public, the dashboard&#x27;s URL can be added to an iframe in another website&#x27;s HTML code.</p>
<h4 class="anchor anchorWithStickyNavbar_LWe7" id="changing-flask-talisman-csp">Changing flask-talisman CSP<a href="#changing-flask-talisman-csp" class="hash-link" aria-label="Direct link to Changing flask-talisman CSP" title="Direct link to Changing flask-talisman CSP"></a></h4>
<p>Add to <code>superset_config.py</code> the entire <code>TALISMAN_CONFIG</code> section from <code>config.py</code> and include a <code>frame-ancestors</code> section:</p>
<div class="language-python codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#9CDCFE;--prism-background-color:#1E1E1E"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-python codeBlock_bY9V thin-scrollbar" style="color:#9CDCFE;background-color:#1E1E1E"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#9CDCFE"><span class="token plain">TALISMAN_ENABLED </span><span class="token operator" style="color:rgb(212, 212, 212)">=</span><span class="token plain"> </span><span class="token boolean">True</span><span class="token plain"></span><br></span><span class="token-line" style="color:#9CDCFE"><span class="token plain">TALISMAN_CONFIG </span><span class="token operator" style="color:rgb(212, 212, 212)">=</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(212, 212, 212)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#9CDCFE"><span class="token plain"> </span><span class="token string" style="color:rgb(206, 145, 120)">&quot;content_security_policy&quot;</span><span class="token punctuation" style="color:rgb(212, 212, 212)">:</span><span class="token plain"> </span><span class="token punctuation" style="color:rgb(212, 212, 212)">{</span><span class="token plain"></span><br></span><span class="token-line" style="color:#9CDCFE"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(212, 212, 212)">.</span><span class="token punctuation" style="color:rgb(212, 212, 212)">.</span><span class="token punctuation" style="color:rgb(212, 212, 212)">.</span><span class="token plain"></span><br></span><span class="token-line" style="color:#9CDCFE"><span class="token plain"> </span><span class="token string" style="color:rgb(206, 145, 120)">&quot;frame-ancestors&quot;</span><span class="token punctuation" style="color:rgb(212, 212, 212)">:</span><span class="token plain"> </span><span class="token punctuation" 
style="color:rgb(212, 212, 212)">[</span><span class="token string" style="color:rgb(206, 145, 120)">&quot;*.my-domain.com&quot;</span><span class="token punctuation" style="color:rgb(212, 212, 212)">,</span><span class="token plain"> </span><span class="token string" style="color:rgb(206, 145, 120)">&quot;*.another-domain.com&quot;</span><span class="token punctuation" style="color:rgb(212, 212, 212)">]</span><span class="token punctuation" style="color:rgb(212, 212, 212)">,</span><span class="token plain"></span><br></span><span class="token-line" style="color:#9CDCFE"><span class="token plain"> </span><span class="token punctuation" style="color:rgb(212, 212, 212)">.</span><span class="token punctuation" style="color:rgb(212, 212, 212)">.</span><span class="token punctuation" style="color:rgb(212, 212, 212)">.</span><br></span></code></pre></div></div>
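<p>Restart Superset for this configuration change to take effect. List only the sites that actually need to embed Superset in <code>frame-ancestors</code>: a wildcard entry such as <code>*.my-domain.com</code> allows every subdomain of that domain to frame Superset pages.</p>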
<h4 class="anchor anchorWithStickyNavbar_LWe7" id="making-a-dashboard-public">Making a Dashboard Public<a href="#making-a-dashboard-public" class="hash-link" aria-label="Direct link to Making a Dashboard Public" title="Direct link to Making a Dashboard Public"></a></h4>
<ol>
<li>Add the <code>&#x27;DASHBOARD_RBAC&#x27;: True</code> <a href="https://github.com/apache/superset/blob/master/RESOURCES/FEATURE_FLAGS.md" target="_blank" rel="noopener noreferrer">Feature Flag</a> to <code>superset_config.py</code></li>
<li>Add the <code>Public</code> role to your dashboard as described <a href="https://superset.apache.org/docs/using-superset/creating-your-first-dashboard/#manage-access-to-dashboards" target="_blank" rel="noopener noreferrer">here</a></li>
</ol>
<h4 class="anchor anchorWithStickyNavbar_LWe7" id="embedding-a-public-dashboard">Embedding a Public Dashboard<a href="#embedding-a-public-dashboard" class="hash-link" aria-label="Direct link to Embedding a Public Dashboard" title="Direct link to Embedding a Public Dashboard"></a></h4>
<p>Now anybody can directly access the dashboard&#x27;s URL. You can embed it in an iframe like so:</p>
<div class="language-html codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#9CDCFE;--prism-background-color:#1E1E1E"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-html codeBlock_bY9V thin-scrollbar" style="color:#9CDCFE;background-color:#1E1E1E"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#9CDCFE"><span class="token tag punctuation" style="color:rgb(212, 212, 212)">&lt;</span><span class="token tag" style="color:rgb(78, 201, 176)">iframe</span><span class="token tag" style="color:rgb(78, 201, 176)"></span><br></span><span class="token-line" style="color:#9CDCFE"><span class="token tag" style="color:rgb(78, 201, 176)"> </span><span class="token tag attr-name" style="color:rgb(156, 220, 254)">width</span><span class="token tag attr-value punctuation attr-equals" style="color:rgb(212, 212, 212)">=</span><span class="token tag attr-value punctuation" style="color:rgb(212, 212, 212)">&quot;</span><span class="token tag attr-value" style="color:rgb(206, 145, 120)">600</span><span class="token tag attr-value punctuation" style="color:rgb(212, 212, 212)">&quot;</span><span class="token tag" style="color:rgb(78, 201, 176)"></span><br></span><span class="token-line" style="color:#9CDCFE"><span class="token tag" style="color:rgb(78, 201, 176)"> </span><span class="token tag attr-name" style="color:rgb(156, 220, 254)">height</span><span class="token tag attr-value punctuation attr-equals" style="color:rgb(212, 212, 212)">=</span><span class="token tag attr-value punctuation" style="color:rgb(212, 212, 212)">&quot;</span><span class="token tag attr-value" style="color:rgb(206, 145, 120)">400</span><span class="token tag attr-value punctuation" style="color:rgb(212, 212, 212)">&quot;</span><span class="token tag" style="color:rgb(78, 201, 176)"></span><br></span><span class="token-line" style="color:#9CDCFE"><span class="token tag" style="color:rgb(78, 201, 176)"> </span><span class="token tag attr-name" 
style="color:rgb(156, 220, 254)">seamless</span><span class="token tag" style="color:rgb(78, 201, 176)"></span><br></span><span class="token-line" style="color:#9CDCFE"><span class="token tag" style="color:rgb(78, 201, 176)"> </span><span class="token tag attr-name" style="color:rgb(156, 220, 254)">frameBorder</span><span class="token tag attr-value punctuation attr-equals" style="color:rgb(212, 212, 212)">=</span><span class="token tag attr-value punctuation" style="color:rgb(212, 212, 212)">&quot;</span><span class="token tag attr-value" style="color:rgb(206, 145, 120)">0</span><span class="token tag attr-value punctuation" style="color:rgb(212, 212, 212)">&quot;</span><span class="token tag" style="color:rgb(78, 201, 176)"></span><br></span><span class="token-line" style="color:#9CDCFE"><span class="token tag" style="color:rgb(78, 201, 176)"> </span><span class="token tag attr-name" style="color:rgb(156, 220, 254)">scrolling</span><span class="token tag attr-value punctuation attr-equals" style="color:rgb(212, 212, 212)">=</span><span class="token tag attr-value punctuation" style="color:rgb(212, 212, 212)">&quot;</span><span class="token tag attr-value" style="color:rgb(206, 145, 120)">no</span><span class="token tag attr-value punctuation" style="color:rgb(212, 212, 212)">&quot;</span><span class="token tag" style="color:rgb(78, 201, 176)"></span><br></span><span class="token-line" style="color:#9CDCFE"><span class="token tag" style="color:rgb(78, 201, 176)"> </span><span class="token tag attr-name" style="color:rgb(156, 220, 254)">src</span><span class="token tag attr-value punctuation attr-equals" style="color:rgb(212, 212, 212)">=</span><span class="token tag attr-value punctuation" style="color:rgb(212, 212, 212)">&quot;</span><span class="token tag attr-value" style="color:rgb(206, 145, 120)">https://superset.my-domain.com/superset/dashboard/10/?standalone=1&amp;height=400</span><span class="token tag attr-value punctuation" style="color:rgb(212, 212, 
212)">&quot;</span><span class="token tag" style="color:rgb(78, 201, 176)"></span><br></span><span class="token-line" style="color:#9CDCFE"><span class="token tag" style="color:rgb(78, 201, 176)"></span><span class="token tag punctuation" style="color:rgb(212, 212, 212)">&gt;</span><span class="token plain"></span><br></span><span class="token-line" style="color:#9CDCFE"><span class="token plain"></span><span class="token tag punctuation" style="color:rgb(212, 212, 212)">&lt;/</span><span class="token tag" style="color:rgb(78, 201, 176)">iframe</span><span class="token tag punctuation" style="color:rgb(212, 212, 212)">&gt;</span><br></span></code></pre></div></div>
<h4 class="anchor anchorWithStickyNavbar_LWe7" id="embedding-a-chart">Embedding a Chart<a href="#embedding-a-chart" class="hash-link" aria-label="Direct link to Embedding a Chart" title="Direct link to Embedding a Chart"></a></h4>
<p>A chart&#x27;s embed code can be generated by going to the chart&#x27;s edit view and then clicking <code>...</code> &gt; <code>Share</code> &gt; <code>Embed code</code> at the top right.</p>
<h3 class="anchor anchorWithStickyNavbar_LWe7" id="enabling-embedding-via-the-sdk">Enabling Embedding via the SDK<a href="#enabling-embedding-via-the-sdk" class="hash-link" aria-label="Direct link to Enabling Embedding via the SDK" title="Direct link to Enabling Embedding via the SDK"></a></h3>
<p>Clicking on <code>...</code> next to <code>EDIT DASHBOARD</code> on the top right of the dashboard&#x27;s overview page should yield a drop-down menu including the entry &quot;Embed dashboard&quot;.</p>
<p>To enable this entry, add the following line to the <code>.env</code> file:</p>
<div class="language-text codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#9CDCFE;--prism-background-color:#1E1E1E"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar" style="color:#9CDCFE;background-color:#1E1E1E"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#9CDCFE"><span class="token plain">SUPERSET_FEATURE_EMBEDDED_SUPERSET=true</span><br></span></code></pre></div></div>
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="csrf-settings">CSRF settings<a href="#csrf-settings" class="hash-link" aria-label="Direct link to CSRF settings" title="Direct link to CSRF settings"></a></h2>
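<p>Similarly, <a href="https://flask-wtf.readthedocs.io/en/0.15.x/config/" target="_blank" rel="noopener noreferrer">flask-wtf</a> is used to manage
some CSRF configurations. If you need to exempt endpoints from CSRF protection (e.g. if you are
running a custom auth postback endpoint), you can add the endpoints to <code>WTF_CSRF_EXEMPT_LIST</code>.
An exempted endpoint accepts state-changing requests without a CSRF token, so keep the list to the
endpoints that need it and make sure each of them authenticates its caller by other means.</p>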
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="ssh-tunneling">SSH Tunneling<a href="#ssh-tunneling" class="hash-link" aria-label="Direct link to SSH Tunneling" title="Direct link to SSH Tunneling"></a></h2>
<ol>
<li>
<p>Turn on feature flag</p>
<ul>
<li>Change <a href="https://github.com/apache/superset/blob/eb8386e3f0647df6d1bbde8b42073850796cc16f/superset/config.py#L489" target="_blank" rel="noopener noreferrer"><code>SSH_TUNNELING</code></a> to <code>True</code></li>
<li>If you want to add more security when establishing the tunnel, you can override the <code>SSHTunnelManager</code> class <a href="https://github.com/apache/superset/blob/eb8386e3f0647df6d1bbde8b42073850796cc16f/superset/config.py#L507" target="_blank" rel="noopener noreferrer">here</a></li>
<li>You can also set <a href="https://github.com/apache/superset/blob/eb8386e3f0647df6d1bbde8b42073850796cc16f/superset/config.py#L508" target="_blank" rel="noopener noreferrer"><code>SSH_TUNNEL_LOCAL_BIND_ADDRESS</code></a>; this is the host address where the tunnel will be accessible on your VPC. A non-loopback address makes the tunnel&#x27;s local port reachable from other hosts on that network, so restrict access to it accordingly.</li>
</ul>
</li>
<li>
<p>Create database w/ ssh tunnel enabled</p>
<ul>
<li>With the feature flag enabled, you should now see the SSH tunnel toggle.</li>
<li>Click the toggle to enable SSH tunneling and add your credentials accordingly.<!-- -->
<ul>
<li>Superset allows for two different types of authentication (Basic + Private Key). These credentials should come from your service provider.</li>
</ul>
</li>
</ul>
</li>
<li>
<p>Verify data is flowing</p>
<ul>
<li>Once SSH tunneling has been enabled, go to SQL Lab and write a query to verify data is properly flowing.</li>
</ul>
</li>
</ol>
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="domain-sharding">Domain Sharding<a href="#domain-sharding" class="hash-link" aria-label="Direct link to Domain Sharding" title="Direct link to Domain Sharding"></a></h2>
<div class="theme-admonition theme-admonition-note admonition_xJq3 alert alert--secondary"><div class="admonitionHeading_Gvgb"><span class="admonitionIcon_Rf37"><svg viewBox="0 0 14 16"><path fill-rule="evenodd" d="M6.3 5.69a.942.942 0 0 1-.28-.7c0-.28.09-.52.28-.7.19-.18.42-.28.7-.28.28 0 .52.09.7.28.18.19.28.42.28.7 0 .28-.09.52-.28.7a1 1 0 0 1-.7.3c-.28 0-.52-.11-.7-.3zM8 7.99c-.02-.25-.11-.48-.31-.69-.2-.19-.42-.3-.69-.31H6c-.27.02-.48.13-.69.31-.2.2-.3.44-.31.69h1v3c.02.27.11.5.31.69.2.2.42.31.69.31h1c.27 0 .48-.11.69-.31.2-.19.3-.42.31-.69H8V7.98v.01zM7 2.3c-3.14 0-5.7 2.54-5.7 5.68 0 3.14 2.56 5.7 5.7 5.7s5.7-2.55 5.7-5.7c0-3.15-2.56-5.69-5.7-5.69v.01zM7 .98c3.86 0 7 3.14 7 7s-3.14 7-7 7-7-3.12-7-7 3.14-7 7-7z"></path></svg></span>note</div><div class="admonitionContent_BuS1"><p>Domain Sharding is deprecated as of Superset 5.0.0, and will be removed in Superset 6.0.0. Please Enable HTTP2 to keep more open connections per domain.</p></div></div>
<p>Chrome allows up to 6 open connections per domain at a time. When there are more than 6 slices in
a dashboard, much of the time fetch requests are queued up and wait for the next available socket.
<a href="https://github.com/apache/superset/pull/5039" target="_blank" rel="noopener noreferrer">PR 5039</a> adds domain sharding to Superset,
and this feature is enabled only by configuration (by default Superset doesn’t allow
cross-domain requests).</p>
<p>Add the following setting in your <code>superset_config.py</code> file:</p>
<ul>
<li><code>SUPERSET_WEBSERVER_DOMAINS</code>: list of allowed hostnames for domain sharding feature.</li>
</ul>
<p>Please create your domain shards as subdomains of your main domain so that authorization
works properly on the new domains. For example:</p>
<ul>
<li><code>SUPERSET_WEBSERVER_DOMAINS=[&#x27;superset-1.mydomain.com&#x27;,&#x27;superset-2.mydomain.com&#x27;,&#x27;superset-3.mydomain.com&#x27;,&#x27;superset-4.mydomain.com&#x27;]</code></li>
</ul>
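<p>Alternatively, add the following setting in your <code>superset_config.py</code> file if the domain shards are not subdomains of the main domain. The session cookie is then sent to every host under the configured domain, so all of those hosts need to be trusted.</p>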
<ul>
<li><code>SESSION_COOKIE_DOMAIN = &#x27;.mydomain.com&#x27;</code></li>
</ul>
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="middleware">Middleware<a href="#middleware" class="hash-link" aria-label="Direct link to Middleware" title="Direct link to Middleware"></a></h2>
<p>Superset allows you to add your own middleware. To add your own middleware, update the
<code>ADDITIONAL_MIDDLEWARE</code> key in your <code>superset_config.py</code>. <code>ADDITIONAL_MIDDLEWARE</code> should be a list
of your additional middleware classes.</p>
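<p>For example, <code>AUTH_REMOTE_USER</code> can be used from behind a proxy server like nginx, provided the proxy
overwrites any client-supplied copy of the user header and Superset is reachable only through the proxy,
because the header&#x27;s value is taken as the authenticated user. To do so, you have to add a
simple middleware class to add the value of <code>HTTP_X_PROXY_REMOTE_USER</code> (or any other custom header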
from the proxy) to Gunicorn’s <code>REMOTE_USER</code> environment variable.</p></div></article></div></div></div></div></main></div></div></div><footer class="theme-layout-footer footer"><div class="container container-fluid"><div class="footer__bottom text--center"><div class="footer__copyright">
</div></div></div></footer></div>
</body>
</html>