We have redash running on an internal company network, and it’s only accessible from the offices or VPN. We’ve got about 2000 employees, and we want to embed parameterized visualizations on another internal web page to show metrics/details based on the page it’s on.
We’ve gotten everything working except to see an embedded visualization, you must be logged in. I understand the risks associated with potential injection, however this is an internal tool and queries are running against a read only database.
Has anyone implemented something like this, or does anyone have ideas on how we could get around the login part? We technically can forward via proxy a header with each person’s email address quite easily… but I’m pretty sure remote login requires you actually click “login” before you can see anything, so it wouldn’t work on embeds unless everyone at the company went to Redash and logged in (we don’t want this).
Thanks for looking into it. That might be our best option. It still requires you click “remote login” and stuff before you can actually view anything though. I might try and edit the code for that to take place automatically.
One option that worked was removing required login for embeds. In Query_results.py, the following lines were commented out:
if query is not None and query_result is not None and self.current_user.is_api_user():
if query.query_hash != query_result.query_hash:
abort(404, message='No cached result found for this query.')
This isn’t ideal, but it works as we are on an internal network, and we wanted to have “public” urls for internal use. ALSO important to realize, our visualizations are reading from a read-only database, so no worries about anyone malicious dropping tables or things. I made a few other minor code changes, so let me know if the above change by itself doesn’t work. Any thoughts anyone might have are appreciated.
1 Like
Login or sign up disabled while the site is in read only mode