[bugfix] save dash fails with CSRF related error (#2552)

superset/assets/javascripts/dashboard/Dashboard.jsx

@@ -336,6 +336,7 @@ export function dashboardContainer(dashboard) {
 
 $(document).ready(() => {
   // Getting bootstrapped data from the DOM
+  utils.initJQueryAjaxCSRF();
   const dashboardData = $('.dashboard').data('dashboard');
   const contextData = $('.dashboard').data('context');
 

superset/templates/superset/basic.html

@@ -38,7 +38,12 @@
       <div id="app" data-bootstrap="{{ bootstrap_data }}" >
         <img src="/static/assets/images/loading.gif" style="width: 50px; margin: 10px;">
       </div>
-      {{ csrf_token() if csrf_token else None }}
+      <input
+        type="hidden"
+        name="csrf_token"
+        id="csrf_token"
+        value="{{ csrf_token() if csrf_token else '' }}"
+      >
     {% endblock %}
 
     <!-- Modal for misc messages / alerts  -->

superset/templates/superset/dashboard.html

@@ -22,4 +22,10 @@
   <div id="grid-container" class="slice-grid gridster"></div>
 
 </div>
+<input
+  type="hidden"
+  name="csrf_token"
+  id="csrf_token"
+  value="{{ csrf_token() if csrf_token else '' }}"
+>
 {% endblock %}

superset/views/core.py

@@ -2198,11 +2198,8 @@ class Superset(BaseSupersetView):
         d = {
             'defaultDbId': config.get('SQLLAB_DEFAULT_DBID'),
         }
-        from flask_wtf import FlaskForm
-        ff = FlaskForm()
         return self.render_template(
             'superset/sqllab.html',
-            csrf_token=ff.csrf_token,
             bootstrap_data=json.dumps(d, default=utils.json_iso_dttm_ser)
         )
 appbuilder.add_view_no_menu(Superset)