[bugfix] save dash fails with CSRF related error (apache#2552)

superset/assets/javascripts/dashboard/Dashboard.jsx

@@ -387,9 +387,10 @@ export function dashboardContainer(dashboard) {
 }
 
 $(document).ready(() => {
-    // Getting bootstrapped data from the DOM
-    const dashboardData = $('.dashboard').data('dashboard');
-    const contextData = $('.dashboard').data('context');
+  // Getting bootstrapped data from the DOM
+  utils.initJQueryAjaxCSRF();
+  const dashboardData = $('.dashboard').data('dashboard');
+  const contextData = $('.dashboard').data('context');
 
     const state = getInitialState(dashboardData, contextData);
     const dashboard = dashboardContainer(state.dashboard);

superset/templates/superset/basic.html

@@ -39,7 +39,12 @@
       <div id="app" data-bootstrap="{{ bootstrap_data }}" >
         <img src="/static/assets/images/loading.gif" style="width: 50px; margin: 10px;">
       </div>
-      {{ csrf_token() if csrf_token else None }}
+      <input
+        type="hidden"
+        name="csrf_token"
+        id="csrf_token"
+        value="{{ csrf_token() if csrf_token else '' }}"
+      >
     {% endblock %}
 
     <!-- Modal for misc messages / alerts  -->

superset/templates/superset/dashboard.html

@@ -5,4 +5,10 @@
     {% include 'superset/flash_wrapper.html' %}
     <div id="root"></div>
 </div>
+<input
+  type="hidden"
+  name="csrf_token"
+  id="csrf_token"
+  value="{{ csrf_token() if csrf_token else '' }}"
+>
 {% endblock %}

superset/views/core.py

@@ -2220,11 +2220,8 @@ def sqllab(self):
         d = {
             'defaultDbId': config.get('SQLLAB_DEFAULT_DBID'),
         }
-        from flask_wtf import FlaskForm
-        ff = FlaskForm()
         return self.render_template(
             'superset/sqllab.html',
-            csrf_token=ff.csrf_token,
             bootstrap_data=json.dumps(d, default=utils.json_iso_dttm_ser)
         )
 appbuilder.add_view_no_menu(Superset)