Added #superset-ui/embedded-sdk according to the instructions https://www.npmjs.com/package/#superset-ui/embedded-sdk to a React App.
Before passing the guest the correct token I get a 401 permissions error which is expected.
I create a guest token with guest token API as mentioned in https://superset.apache.org/docs/api/
With this token, I get a 403 forbidden error. I am not quite able to figure out source of this error.
I have added -
SESSION_COOKIE_SAMESITE = None
CORS Options -
'origins': ['http://localhost:3000', '']
What could be the reason for the error?
Enabling the following flag in superset_config.py, worked for me.
GUEST_ROLE_NAME = "Gamma"
Pls refer https://github.com/apache/superset/issues/22258
Related
I get 500 server error on my django website thats running on Google App Engine. When I look at Google App Engine logs I see the following error:
googleapiclient.errors.HttpError: <HttpError 403 when requesting https://www.googleapis.com/discovery/v1/apis/gmail/v1/rest returned "The caller does not have permission">
When I hard refresh the browser this error goes away. Then after some time it pops back up. Happens on mobile(firefox, safari), laptop (firefox,chrome).
UPDATE:
In Django settings.py I have following code. Its last line generates the error :
pickle_path = 'token.pickle' # path to token.pickle
with open(pickle_path, 'rb') as token:
creds = pickle.load(token)
SERVICE = build('gmail', 'v1', credentials=creds) # ERROR LINE
When I run the django server locally: I get following error:
googleapiclient.errors.HttpError: <HttpError 403 when requesting https://www.googleapis.com/discovery/v1/apis/gmail/v1/rest returned "The caller does not have permission">
When I restart cloud sql connection from my terminal - the error is gone. This never used to happen until a few days ago.
Here's a workaround:
Download the discovery_doc directly from google here
Load the json file (you can name it gmail-api.json)
Build from this json file using build_from_document
Before
from googleapiclient.discovery import build
gmail_creds = get_service_account_creds()
gmail_service = build('gmail', 'v1', credentials=gmail_creds)
After
from googleapiclient.discovery import build_from_document
discovery_doc = load_json('config/gmail-api.json')
gmail_creds = get_service_account_creds()
gmail_service = build_from_document(discovery_doc, credentials=gmail_creds)
It seems that it is now a P0 for Google, so hopefully it will be fixed soon.
https://issuetracker.google.com/issues/160441983
I am also started facing this issue. I have been using Google APIs for more than a year, but suddenly this error HttpError 403 when requesting https://www.googleapis.com/discovery/v1/apis/gmail/v1/rest returned "The caller does not have permission. However, couple of times I didn't see this error and API call was successful. I hope this error at the Gmail API server.
Update:
I am able to call Google APIs without any issues. Seems like issue is resolved at google's end.
I am having the same issue with GAM ADV-X. I thought it was an issue on my computer so I tried on 2 different computers and get the same error. It indeed looks like something changed in the Gmail API over the weekend. Will submit a ticket to Google.
I've followed closely this tutorial which is great.
Everything worked fine until today, where when I log with github I get this error:
HTTPError at /oauth/complete/github/
403 Client Error: Forbidden for url: https://github.com/login/oauth/access_token
What am I missing / what could I have changed?
I'm currently developping a Website with social networks login.
Everything works fine (google, facebook and twitter) but not github: after some attempts, I'm getting now a 403.
The problem in Django is that 403 errors dont show the HTML content that come with the error!
I had to run in Debug mode and add a breakpoint in the file
/usr/local/lib/python3.7/site-packages/requests/models.py
line 940 / where there's the code raise HTTPError(http_error_msg, response=self)
Inspecting the variable self.content.decode("utf-8") showed me that I've been restricted (for no logical reason - what's more strange is that the same code, on my same PC but under Windows, works like a charm).
I'm hoping the technical team at github will explain what went wrong...
I am trying to log into my WSO2 management console. It is containerized and hosted in an AWS EC2 instance. I can navigate to the console login page, but when I try to login I get a 403 Forbidden message.
Navigation to login page is okay
Forbidden error
I know that the cause of this issue is that my login page is not posting the X-CSRF-Token.
Example of the form data posted in my "bad" request:
The console of my WSO2 instance prints an error like this:
WARN {org.owasp.csrfguard.log.JavaLogger} - potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:IP_ADDRESS, method:POST, uri:/carbon/admin/login_action.jsp, error:required token is missing from the request)
Example of the form data posted in a "good" request in a local WSO2 instance:
What I have tried:
I have tried turning compression "off" as suggested by this post: wso2 api manger carbon page gives 403 Forbidden
I am not using JDK 1.8.0_151 which is labeled as a version with a bug.
I am able to circumvent the issue if I disable the csrfguard in Owasp.CsrfGuard.Carbon.properties but this is a security risk.
I have sticky sessions enabled
Any ideas on why the posting to the login_action.jsp page would return a 403?
EDIT
I failed to mention in the post that I am using TLS termination with an AWS load balancer. I am almost certain that my issue has something to do with that. This line from my console output details what my error is:
Referer domain https:LOAD_BALANCER_URL/carbon/admin/login.jsp does not match request domain: http://LOAD_BALANCER_URL/carbon/admin/js/csrfPrevention.js
You can see that the referer is using https but the request is using http. I believe that I want the request domain to be https, but I'm not sure how to do that. I think that the first page is making a call to login.jsp with https and the login.jsp page is making a call to the csrfPrevention.js page but changing the protocol to http.
Please refer the OS and JDK incompatibilities matrix and make sure you are not using one of these OS JDK pairs.
Do you have a load balancer fronting your Identity Server? If so, please verify that you have enabled sticky sessions in your LB. You can find sample NGINX the configurations in the guide - docs.wso2.com/display/CLUSTER44x/Configuring+NGINX
Lower the version of java JDK to 1.8.0_144.If it's not worked go to this location
wso2Servers/wso2is-5.5.0/repository/conf/security .
There is a file name Owasp.CsrfGuard.Carbon.properties.
In that file, there is a line
org.owasp.csrfguard.JavascriptServlet.refererMatchDomain = true
set this to
org.owasp.csrfguard.JavascriptServlet.refererMatchDomain = false
This worked for me.
I'm creating a simple lambda function in AWS and wiring it with API gateway.
The issue, I'm having is that I'm getting "Missing Authentication Token" error response, while trying to reach created resource via HTTP, even I have "Authorization: NONE" defined in resource settings.
Here are the resource details:
Any reason, why Authorization option ignored? Did anyone had similar issue before?
Make sure you use the correct URL path for your stage. (Also make sure you deployed)
From the image above is how you can get the correct url.
I have the similar issue:
I have a public gateway "GET" API, which is working perfectly if I directly open it from the browser without authorization. But I get the 403 "Missing Authentication Token" error when I called it directly from a Java code:
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.setDoOutput(true);
conn.setRequestMethod("GET");
conn.setRequestProperty("Content-Type", "application/json");
//conn.setRequestProperty("Authorization", myJWTToken);
String result = getResponse(conn, mapper);
System.out.println(result);
But I succeed in Java when I removed that conn.setDoOutput(true) line
I want to use google apis in my app.
I successful get my access token but I am getting error :-
"Missing token endpoint URI."
My code is
def calender
client = Signet::OAuth2::Client.new(access_token: session[:access_token])
drive = Google::Apis::DriveV3::DriveService.new
drive.authorization = client
files = drive.list_files
end
when I printed my client variable, it showed my these details
#<Google::Apis::DriveV3::DriveService:0x0000010cc287f8
#root_url="https://www.googleapis.com/",
#base_path="drive/v3/",
#upload_path="upload/drive/v3/",
#batch_path="batch",
#client_options=#<struct Google::Apis::ClientOptions application_name="unknown", application_version="0.0.0", proxy_url=nil, use_net_http=false>,
#request_options=#<struct Google::Apis::RequestOptions
authorization=#<Signet::OAuth2::Client:0x0000010cc288c0
#authorization_uri=nil,
#token_credential_uri=nil,
#client_id=nil,
#client_secret=nil,
#code=nil,
#expires_at=nil,
#expires_in=nil,
#issued_at=nil,
#issuer=nil,
#password=nil,
#principal=nil,
#redirect_uri=nil,
#scope=nil,
#state=nil,
#username=nil,
#expiry=60,
#extension_parameters={},
#additional_parameters={},
#access_token="ya29.CjAbA8B7CFyhBLhFuEtP6kmCmuvJESwClkchiPpydjAqBOvDuvDERVCSVrYSSWLZvZc">, retries=0,
header=nil,
timeout_sec=nil,
open_timeout_sec=20>
I have spent two days to resolve this and explored whole internet but my issue is not resolved. My issue is related to already reported issue :-
Missing token endpoint URI while using a valid access_token
But solution provided in it is also not working for me. There is no attribute of "authentication" that I can use to assign my token.
I would greatly appreciate if someone help me with this.