Troubleshooting tips

Troubleshooting tips

This article helps you to troubleshoot the common problems that you might encounter when setting up or using an embedded ThoughtSpot instance. For additional help and guidance from ThoughtSpot Support, visit our Community site.

CORS and CSPπŸ”—

Refused to frame "<your-site-url>"…​ error messageπŸ”—

Error: When I try to embed in my app, I get the error Refused to frame "<your-site-url>" because an ancestor violates the following Content Security Policy directive.

Cause: This error occurs when a host app domain is not added to the CSP and CORS allowlists.

How to fix: Add your host app domain as a CSP visual embed host and enable CORS on the Develop > Customizations > Security Settings page.

The CORS allowlist does not allow wildcard (*) for domain URLπŸ”—

Error: The CORS allowlist does not allow wildcard(*) expression for domain URLs.

Cause: This error occurs because ThoughtSpot does not support wildcard expression for domain URLs in the CORS allowlist.

How to fix: Specify the domain URL string in the supported format. For a complete list of allowed domain URL strings for CORS and CSP allowlists, see Security settings.

Browser supportπŸ”—

Cannot open my embedded app in SafariπŸ”—

Error: Unable to access the embedded app on Safari

Cause: This error may occur if third-party cookies are blocked.

How to fix: By default, Safari does not allow third-party cookies.
If the third-party cookies are blocked, the SDK triggers the NoCookieAccess event. Check the console log.
To resolve this issue:

  • Allow cookies on Safari to view the embedded app.

  • To ensure that embedding works on browsers that block third-party cookies, you can set the domain name of your ThoughtSpot instance to the same domain as your host application. If you want to customize the domain name, contact ThoughtSpot Support.


Account lockedπŸ”—

Error: My account is locked and I am unable to log in to the app with my SSO credentials.

Cause: Are you using token-based authentication? In a token-based authentication deployment, this error may occur if a user’s login token has expired. If a user makes multiple attempts to log in to ThoughtSpot using an invalid or expired token, they may get locked out of their accounts.

How to fix: Set the getAuthToken function in the SDK to return a fresh token for each re-login.

The login page shows up each time a user session expiresπŸ”—

Error: The embedded UI prompts me to re-login after a session timeout.

Cause: This error may occur if autoLogin is disabled in the SDK.

How to fix: If you are using the token-based authentication method, the SDK automatically logs in users after their user session has expired. Make sure the autoLogin attribute is set to true in the SDK.

The login prompt shows up for authenticated usersπŸ”—

Error: I have logged in to my application instance, but the login page shows up when I try to access the developer Playground.

Cause: This error may occur if session cookies are not enabled on your web browser.

How to fix: Check if third-party cookies are enabled on your web browser. Browsers such as Safari block third-party cookies by default. If you are accessing your application on Chrome in incognito mode, allow third-party cookies.

The login token request returns the 500 response codeπŸ”—

Error: ThoughtSpot returns the 500 error code for a session login token request.

Cause: This error may occur due to an invalid username or secret_key.

How to fix: Check if the username sent in the API request matches the name of the user in ThoughtSpot.
Check if trusted authentication is enabled on ThoughtSpot. Make sure the secrete_key being sent in your API request is valid.
For more information, see Trusted authentication.

SAML SSO authentication errorsπŸ”—

In most cases, SAML authentication errors occur due to incorrect IdP settings and invalid SAML authentication attributes. To resolve these issues:

  • Make sure SAML authentication support is configured without errors on your ThoughtSpot instance.

  • Check if the attributes, such as a user’s email address, display name, and username are mapped correctly in your IdP configuration. For example, if you are using Okta as your IdP, you must map the userPrincipalName in Okta to NameId. Similarly, you can map the email attribute value to mail, and the display name subject value to displayName.

  • Make sure your SAML redirect domain is added to the allowlist.

  • Check if the authType property and SAML authentication attributes in the SDK are configured correctly.

  • For SAML authentication, you must set the authType as AuthType.SSO.

    If you are using Visual Embed SDK version 1.17.0 or later, you can set authType as AuthType.SAMLRedirect.

  • You can also set redirection parameters in the SDK to handle SAML redirect scenarios. For more information, see SAML redirection.

  • If embedding ThoughtSpot objects in an iFrame, configure your IdP to allow iframe embedding.

Custom actionsπŸ”—

URL custom actions don’t work on my appπŸ”—

Error: When I click the URL action, ThoughtSpot UI displays the URL action failed error message.

Cause: This error occurs when the target URL of the URL action is not allowed to establish connections due to CSP restrictions.

How to fix: Check the target domain name configured in the URL action. Make sure it’s reachable.
Check with your administrator to know if the target URL is added to the CSP connect-src domain allowlist. If you have administrator access, you can update the CSP allowlist on the Develop > Customizations > Security Settings page.


Liveboard filters do not workπŸ”—

Error: When I open Liveboard filters, they are grayed out and I can’t edit them.

Cause: This issue may occur if you do not have edit access to the Liveboard or at least view access to its underlying data.

How to fix: Check if you have edit access to the Liveboard and can view its data source. If you do not have edit access to the Liveboard, click the lock icon and request access from the Liveboard owner.

I set a Runtime filter on a Liveboard, but I don’t see it on the LiveboardπŸ”—

Runtime filters are applied at runtime and do not show up in the Filter bar.

Runtime filters are applied separately from the visible Liveboard filters. Therefore, when you apply these filters together, the conditions for both must be true for data to appear.

For example, if Store Region is set to west, southwest in the Liveboard filter, and you set runtime filter of Store Region as east, you will get the No data found error because the total filter condition is Store Region IN ('west', 'southwest') AND Store Region = 'east', which results in an error.

ThoughtSpot navigation bar shows in the embedded modeπŸ”—

Error: When I embed the full ThoughtSpot application in my app, the top navigation bar shows up.

Cause: This issue occurs if you have enabled the showPrimaryNavbar property in the SDK.

How to fix: Set the showPrimaryNavbar attribute in the Visual Embed SDK to false.


My API request returns the 401 error codeπŸ”—

Error: When I send an API request, the ThoughtSpot server returns the 401 error code in response.

Cause: This issue occurs if you do not have the required privileges to create or modify the data objects.

How to fix: Check if your API requests are authorized. Make sure your ThoughtSpot user account has edit privileges to access and modify ThoughtSpot objects. For more information, see REST API v1 operations and REST API v2.0 operations.

Unable to embed a Liveboard using REST APIπŸ”—

To embed a Liveboard using REST APIs, you must have at least view access to the Liveboard. To modify or enhance the Liveboard, you require edit privileges.

If you have the required privileges and still get an error, perform the following checks:

  • The Liveboard and visualization GUIDs passed in the API request body are valid.

  • Your application domain is added as a CORS host.

The Search Data REST API call returns an errorπŸ”—

Error: When I try to use the Search Data REST API, I get the error Cannot create Answer from empty query.

How to fix: Check the request URL and verify the query string. Try removing the -d [parameters] option and append the query string to the end of the URL as shown here:

curl -X POST /
--header 'Content-Type: application/json' /
--header 'Accept: application/json' /
--header 'X-Requested-By: ThoughtSpot' 'https://[address]/callosum/v1/tspublic/v1/searchdata?query_string=%5Brevenue%5D%20by%20%5Bshipmode%5D&data_source_guid=7466f3c5-95a5-44b9-a17d-9cc5fad495ee&batchsize=-1&pagenumber=-1&offset=-1&formattype=COMPACT'