adikam - hi all - I’ve set up a custom action i...
hi all - I’ve set up a custom action in ThoughtSpot that calls a Vercel-hosted API to generate and download a PowerPoint file. Here's the configuration:
Custom Action URL: https://testakproject.vercel.app/api/generate-ppt
CORS Whitelisted Domains: testakproject.vercel.app, vercel.app (added without protocol).
Authorization: Bearer token (validated and works).
The API works when tested using curl.
However, when triggering the custom action from ThoughtSpot, it fails with a CSP connect-src violation.
How can I resolve this and ensure the action works seamlessly in ThoughtSpot? Am using thoughtspot trial version currently developer edition
11 Replies
@adikam you will have to whitelist custom action domain in developTab/securitySettings Page in CSP connect-src. Let me know if that worked for you.
hey i did that and also updated the url for the custom action. for some reason thoughtspot is rejecting it.
the same url if i call directly it will download the pptx: https://export-m2q381xm2-adis-projects-dc167b69.vercel.app/api/generate-ppt1?answerId=ff5c5790-31cc-4dfc-9a01-07bfda5e19b2&authToken=YWRpa2FtMDA3QGdtYWlsLmNvbTpKSE5vYVhKdk1TUlRTRUV0TWpVMkpEVXdNREF3TUNSRmNVVXhTV3AxUzFBMFJsQnhhWE5RV25SNmFUTlJQVDBrUmxkQ01FMUpkM1F2Y3k5dk5uZFhSMmwxVFV0dVJVaHFOWFZSWVhKVloxSlFLMHQ2VjI1RmFtOWlORDA=
@adikam under your develop tab, did you update the security settings for CSP connect-src?
thank you @shikharTS . For some reason i dont see those options.
Ohh it seems orgs are enabled on your cluster. Do you have option change primary org settings? This is where you can access these settings as these are for the whole cluster not individual orgs.
what i have is a trial version of thoughtspot cloud.
You might need to create a support case to get the url whitelisted in CSP connect-src
ok got it