Feature/params on embeds #995
@@ -201,6 +201,12 @@ def all_settings(): | |||
# Enhance schema fetching | |||
SCHEMA_RUN_TABLE_SIZE_CALCULATIONS = parse_boolean(os.environ.get("REDASH_SCHEMA_RUN_TABLE_SIZE_CALCULATIONS", "false")) | |||
|
|||
# Allow Parameters in Embeds | |||
# Warning: This will expose the full sql query and query attributes in the embed javascript | |||
# If you are exposing embeds publicly, be aware that this setting can leak your sql queries |
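Review bot: The warning in the comment lines under `# Allow Parameters in Embeds` covers only disclosure of the query text. Parameter values for an embed arrive with the request, so the comment should also say that enabling this on a publicly reachable embed lets anyone holding the URL choose those values, and that their substitution into the query has to be safe against SQL injection. Minor style point in the same lines: write "SQL" and "JavaScript" consistently.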
Worth mentioning that there is also the danger of SQL injection.
|
||
|
||
response = render_template("public.html", | ||
headless='embed' in request.args, |
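Review bot: On the `headless='embed' in request.args,` line the flag depends only on whether the `embed` key is present in the query string, so `?embed=false` or an empty `?embed=` still renders headless, and a request without the key renders the full page. If this view only ever serves embeds, pass a constant rather than reading it from the request; otherwise parse the value explicitly.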
In the context of a visualization embed, you can always pass `True` here.
Played around with it and found several issues, that are actually issues in the code you're using and not in your pull request directly: In case Possible solutions: simple workaround of passing an empty string as The API key we use is of a query, therefore we need a This one is trickier to solve and will require some refactoring both on the server side and in the
Closing in favor of #1014. We will eventually implement something along the lines of my comment above, but until then...
Hi, can you give me an example on how to embed with parameters? I have tried several ways like the one below, but could not make it work. http://server/embed/query/3/visualization/4?api_key=apikey&p_start_date=2017-03-01 Also enabled REDASH_ALLOW_PARAMETERS_IN_EMBEDS=true in the .env file, and restarted. I will appreciate any help.
How can we embed with parameters? I'll be thankful if anyone can give an example.
I looked for a while and could not get the answer. So I just tried it and it works.
Params: Start Date & End Date in the query in Redash. The `&p_Start%20Date=2018 04-10&p_End%20Date=2018-04-18` will be the params in the query inside Redash. Remarks: Redash version: Redash 3.0.0+b3147
Hey @arikfr,
Here's a pull request fulfilling #929. Given the potential sensitivity around maybe exposing the query sql, I added a parameter, defaulting to off, to enable this feature. Added comments about potential side-effects of this feature.
Also enabled maxAge on embeds.
Happy to have a chat if this isn't quite how you would've done it.
Tom
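
The review above raises SQL injection for embed parameters that arrive in the URL. As an added example (not code from this pull request or from Redash), here is one way to accept `p_`-prefixed values only when they match a type declared for the query; the `ALLOWED` table and the function names are hypothetical, and the sample URLs are constructed in the shape used in this thread.

```python
from datetime import date
from urllib.parse import parse_qs, urlsplit

def iso_date(value):
    """Validator: accept only an ISO date and return it normalized."""
    return date.fromisoformat(value).isoformat()

# Hypothetical per-query declaration (not a Redash structure): name -> validator.
ALLOWED = {"Start Date": iso_date, "End Date": iso_date}

def embed_parameters(url, allowed=ALLOWED, prefix="p_"):
    """Return validated {name: value} for the p_-prefixed arguments of an
    embed URL. Raises ValueError for undeclared, repeated, malformed or
    missing parameters, so nothing unchecked reaches the query text."""
    args = parse_qs(urlsplit(url).query, keep_blank_values=True)
    params = {}
    for key, values in args.items():
        if not key.startswith(prefix):
            continue  # api_key and other non-parameter arguments
        name = key[len(prefix):]
        if name not in allowed:
            raise ValueError(f"undeclared parameter: {name!r}")
        if len(values) != 1:
            raise ValueError(f"parameter repeated: {name!r}")
        try:
            params[name] = allowed[name](values[0])
        except ValueError:
            raise ValueError(f"bad value for {name!r}") from None
    missing = sorted(set(allowed) - set(params))
    if missing:
        raise ValueError(f"missing parameters: {missing}")
    return params

def is_accepted(url):
    """True when every embed parameter in the URL passes validation."""
    try:
        embed_parameters(url)
        return True
    except ValueError:
        return False

# Constructed sample URLs; BAD carries a value that is not an ISO date.
GOOD = ("http://server/embed/query/3/visualization/4"
        "?api_key=apikey&p_Start%20Date=2018-04-10&p_End%20Date=2018-04-18")
BAD = GOOD.replace("2018-04-10", "2018%2004-10")

if __name__ == "__main__":
    print(embed_parameters(GOOD))
    print(is_accepted(BAD))
```

Validated values should still be passed to the database as bound parameters where the driver supports it; the type check narrows what can arrive, it does not replace binding.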