cancel
Showing results for 
Search instead for 
Did you mean: 

Compose SDK - useExecuteQueryByWidgetId

vladimir
8 - Cloud Apps
8 - Cloud Apps

Hi,

useExecuteQueryByWidgetId hook from Compose SDK is returning the error "no csrf cookie" code 800, when tring to execute jaql query against data source, even though there is a cookie  XSRF-TOKEN set

Do you know why this might be happening?

1 ACCEPTED SOLUTION

vladimir
8 - Cloud Apps
8 - Cloud Apps

But what i figured now is that Embedded Domain White List was not correctly configured for CSRF. I thinks this is the solution for the problem here.

View solution in original post

5 REPLIES 5

taras
Sisense Team Member
Sisense Team Member

Hi @vladimir ,

The error message "no CSRF cookie" typically indicates an issue with Cross-Site Request Forgery (CSRF) protection. CSRF protection is a security measure to prevent unauthorized actions from being executed via forged requests.

Here are a few things you might want to check to troubleshoot this issue:

  • CSRF Token Generation: Ensure that the CSRF token is being generated and set correctly. The token should be unique for each session and should be included in the request headers when making requests to the server.
  • CSRF Token Inclusion: Verify that the CSRF token is being included in the request headers when executing the jaql query. Double-check the request headers to make sure the XSRF-TOKEN cookie is being sent along with the request.
  • Cookie Settings: Check if the XSRF-TOKEN cookie is set with the correct path and domain. Sometimes, incorrect cookie settings can cause issues with CSRF protection.
  • Server-side Configuration: Ensure that the CSRF protection is OFF in Sisense Security settings, if you are calling the request from a domain different than the Sisense one. You can find more details about CSRF here: https://docs.sisense.com/main/SisenseLinux/csrf.htm

Let me know if the above helps and feel free to create a support ticket, if assistance is still required.

 

Taras Skvarko
Technical Consultant

DRay
Community Team Leader
Community Team Leader

Hi @vladimir,

I wanted to follow up to see if the solution offered by @taras worked for you.

If so, please click the 'Accept as Solution' button so that other users with the same questions can find the answer faster. If not, please let us know so that we can continue to help.

Thank you.

David Raynor (DRay)

vladimir
8 - Cloud Apps
8 - Cloud Apps

@DRay @taras 

While i can see the data when i switch off CSRF in Server-side Configuration, i don't think this should be necessary, since Sisense lives in prefix.mydomain.com and i am accessing it from mydomain.com with XSRF-TOKEN included in the cookie.

The real issue might me somewhere else.

vladimir
8 - Cloud Apps
8 - Cloud Apps

But what i figured now is that Embedded Domain White List was not correctly configured for CSRF. I thinks this is the solution for the problem here.

DRay
Community Team Leader
Community Team Leader

Hi @vladimir,

Did that get it resolved for you? Hopefully you're up and running now. Please let us know if you need any more help.

David Raynor (DRay)