@richardfogaca richardfogaca commented Jan 29, 2026

SUMMARY

This PR introduces a new feature flag DISABLE_EMBEDDED_SUPERSET_LOGOUT that hides the logout button when Superset is embedded via iframe in SSO-managed authentication flows.

Use Case: When Superset is embedded within a parent application that manages authentication via SSO, the logout button in Superset becomes problematic:

  • Users logging out of Superset while remaining in the parent app creates a confusing experience
  • The parent application should control the authentication lifecycle, not the embedded Superset instance
  • Clicking logout in the iframe may break the SSO session or cause unexpected behavior

Solution: A feature flag that conditionally hides the logout menu item in the Settings dropdown, allowing administrators to disable logout functionality in embedded deployments while preserving it for standalone use.

Changes:

  1. Backend (superset/config.py): Added DISABLE_EMBEDDED_SUPERSET_LOGOUT to DEFAULT_FEATURE_FLAGS with default value False, including @docs annotation linking to documentation
  2. Frontend enum (featureFlags.ts): Added DisableEmbeddedSupersetLogout TypeScript enum entry
  3. RightMenu component (RightMenu.tsx): Wrapped logout menu item in conditional check using isFeatureEnabled()
  4. Tests (RightMenu.test.tsx): Added 2 new tests covering both enabled and disabled states
  5. Documentation (docs/docs/configuration/networking-settings.mdx): Added "Hiding the Logout Button in Embedded Contexts" section under HTML Embedding

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

BEFORE (Flag Disabled - Default Behavior):
Settings menu shows the Logout option as expected.

logout-visible-flag-disabled

AFTER (Flag Enabled):
Settings menu no longer shows the Logout option - users must log out through the parent application.

logout-hidden-flag-enabled

TESTING INSTRUCTIONS

Unit Tests

cd superset-frontend
npm run test -- src/features/home/RightMenu.test.tsx

All 9 tests pass, including:

  • shows logout button when DISABLE_EMBEDDED_SUPERSET_LOGOUT is false
  • hides logout button when DISABLE_EMBEDDED_SUPERSET_LOGOUT is true

Manual Testing

  1. Test with flag disabled (default):

    • Start Superset normally
    • Log in and click Settings dropdown
    • Verify "Logout" option is visible
  2. Test with flag enabled:

    • Add to superset_config.py:
      FEATURE_FLAGS = {
          'DISABLE_EMBEDDED_SUPERSET_LOGOUT': True,
      }
    • Restart Superset
    • Log in and click Settings dropdown
    • Verify "Logout" option is not visible
  3. Test in iframe context:

    • Create a simple HTML page with Superset in an iframe:
      <iframe src="http://localhost:8088" width="100%" height="800"></iframe>
    • With flag enabled, confirm logout is hidden
    • With flag disabled, confirm logout is visible

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags: DISABLE_EMBEDDED_SUPERSET_LOGOUT
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API

@github-actions github-actions bot added the doc Namespace | Anything related to documentation label Jan 29, 2026

bito-code-review bot commented Jan 29, 2026

Code Review Agent Run #9e3d06

Actionable Suggestions - 0
Review Details
  • Files reviewed - 5 · Commit Range: 0cef9a3..0cef9a3
    • docs/docs/configuration/networking-settings.mdx
    • superset-frontend/packages/superset-ui-core/src/utils/featureFlags.ts
    • superset-frontend/src/features/home/RightMenu.test.tsx
    • superset-frontend/src/features/home/RightMenu.tsx
    • superset/config.py
  • Files skipped - 1
    • docs/static/feature-flags.json - Reason: Filter setting
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
    • Eslint (Linter) - ✔︎ Successful
    • MyPy (Static Code Analysis) - ✔︎ Successful
    • Astral Ruff (Static Code Analysis) - ✔︎ Successful

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

  • /review - Manually triggers a full AI review.

  • /pause - Pauses automatic reviews on this pull request.

  • /resume - Resumes automatic reviews.

  • /resolve - Marks all Bito-posted review comments as resolved.

  • /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset. You can customize the agent settings here or contact your Bito workspace admin at [email protected].


@dosubot dosubot bot added change:backend Requires changing the backend change:frontend Requires changing the frontend labels Jan 29, 2026

netlify bot commented Jan 29, 2026

Deploy Preview for superset-docs-preview ready!

Name Link
🔨 Latest commit 0cef9a3
🔍 Latest deploy log https://app.netlify.com/projects/superset-docs-preview/deploys/697aab0c6689670008831c2f
😎 Deploy Preview https://deploy-preview-37537--superset-docs-preview.netlify.app


codecov bot commented Jan 29, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 66.33%. Comparing base (f6f9e08) to head (7f490be).
⚠️ Report is 50 commits behind head on master.

Additional details and impacted files
@@             Coverage Diff             @@
##           master   #37537       +/-   ##
===========================================
+ Coverage        0   66.33%   +66.33%     
===========================================
  Files           0      644      +644     
  Lines           0    49412    +49412     
  Branches        0     5544     +5544     
===========================================
+ Hits            0    32775    +32775     
- Misses          0    15337    +15337     
- Partials        0     1300     +1300     
Flag Coverage Δ
hive 41.79% <ø> (?)
mysql 64.39% <ø> (?)
postgres 64.47% <ø> (?)
presto 41.81% <ø> (?)
python 66.30% <ø> (?)
sqlite 64.16% <ø> (?)
unit 100.00% <ø> (?)


…ployments

The logout link was missing the ensureAppRoot wrapper that other
internal URLs (like user_info_url) already use, causing logout to
404 in subdirectory deployments.

bito-code-review bot commented Jan 29, 2026

Code Review Agent Run #9724c4

Actionable Suggestions - 0
Review Details
  • Files reviewed - 5 · Commit Range: 0cef9a3..8404815
    • docs/docs/configuration/networking-settings.mdx
    • superset-frontend/packages/superset-ui-core/src/utils/featureFlags.ts
    • superset-frontend/src/features/home/RightMenu.test.tsx
    • superset-frontend/src/features/home/RightMenu.tsx
    • superset/config.py
  • Files skipped - 1
    • docs/static/feature-flags.json - Reason: Filter setting
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful


),
onClick: handleLogout,
});
if (!isFeatureEnabled(FeatureFlag.DisableEmbeddedSupersetLogout)) {
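
Review bot: the condition on the last line tests only FeatureFlag.DisableEmbeddedSupersetLogout and not whether the page is actually rendered inside a frame, so with the flag on, the logout entry also disappears for anyone who opens the same instance directly, leaving them no menu path to end their session. Either combine the flag with a framing check or state in the flag's documentation that it is meant for instances served only through an embed. The gate also sits in menu construction, so it hides the entry rather than disabling logout; the docs should say so, so that nobody reads the flag as an access control.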


Isn't it more aligned with our existing patterns to use a permission to hide/show a menu? Was there any reason why that wouldn't work on embedded envs?

Contributor Author


Good question! The feature flag is actually the right approach here — permissions are per-role (RBAC), but hiding logout in an embedded deployment is a system-wide concern, not a per-user one. There's no existing can_logout permission in FAB, and creating one would conflate authorization with deployment topology.

There's also direct precedent for this: MENU_HIDE_USER_INFO uses a feature flag for the "Info" item in the same menu (views/base.py:307).


bito-code-review bot commented Feb 3, 2026

Code Review Agent Run #3608dd

Actionable Suggestions - 0
Review Details
  • Files reviewed - 5 · Commit Range: 8404815..7f490be
    • docs/docs/configuration/networking-settings.mdx
    • superset-frontend/packages/superset-ui-core/src/utils/featureFlags.ts
    • superset-frontend/src/features/home/RightMenu.test.tsx
    • superset-frontend/src/features/home/RightMenu.tsx
    • superset/config.py
  • Files skipped - 1
    • docs/static/feature-flags.json - Reason: Filter setting
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful



Labels

change:backend Requires changing the backend change:frontend Requires changing the frontend doc Namespace | Anything related to documentation packages size/M


2 participants