
fix(telemetry): use Scarf static pixel instead of gateway redirect#41129

Open
rusackas wants to merge 4 commits into master from fix/scarf-pixel-static-url

Conversation

@rusackas

@rusackas rusackas commented Jun 16, 2026

Member

SUMMARY

Second half of #32110. The in-app telemetry pixel loaded from the Scarf Gateway redirect https://apachesuperset.gateway.scarf.sh/pixel/<id>/<version>/<sha>/<build> — which Chrome/Brave/Firefox and some extensions flag as a tracking redirect, surfacing Superset as a "dangerous"/phishing site for affected users.

Per Scarf's own guidance on the issue (cc @aviaviavi), point the pixel at the native static endpoint the gateway route already forwards to:

https://static.scarf.sh/a.png?x-pxid=0d3461e1-abb1-4691-a0aa-5ed50de66af0&version=…&sha=…&build=…

Confirmed against the Scarf project config — the package route's "File location" is exactly this static URL, and 0d3461e1-… is the same tracking-pixel ID already in the code. So:

  • Same pixel, same telemetry. Identical ID; version/sha/build are preserved (now query params instead of path segments). No data dimension is lost.
  • No redirect hop. The browser hits static.scarf.sh directly, removing the gateway redirect that triggers the warnings.
  • CSP unchanged. static.scarf.sh was already in the img-src allowlists, so the pixel keeps working. The apachesuperset.gateway.scarf.sh host is intentionally left in the CSP allowlists so any cached older bundles continue to function during rollout.

Note: this only changes the in-app browser pixel. The apachesuperset.docker.scarf.sh image-pull gateway and the @scarf/scarf npm package (install-time analytics) are different channels and are untouched — neither runs in a browser, so neither is implicated in the warning.

Stacked on #41124 (the runtime opt-out half of #32110). Until that merges, the diff here will also show its commit; it'll narrow to just this change once #41124 lands. Happy to reorder/rebase if you'd prefer them merged in the other order.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

N/A. Network behavior:

  • Before: GET apachesuperset.gateway.scarf.sh/pixel/… → 302 → static.scarf.sh/a.png?…
  • After: GET static.scarf.sh/a.png?x-pxid=…&version=…&sha=…&build=… (no redirect)

TESTING INSTRUCTIONS

  • npm run test -- TelemetryPixel — asserts the pixel src now starts with https://static.scarf.sh/, carries the version/sha/build params, and that no gateway.scarf.sh image is emitted.
  • Manual: load any page with telemetry enabled and confirm the only Scarf request in the network tab is a direct static.scarf.sh hit with no redirect.

ADDITIONAL INFORMATION

🤖 Generated with Claude Code

The Scarf telemetry pixel was gated only on `process.env.SCARF_ANALYTICS`,
which webpack inlines at build time. On the official Docker image and the
PyPI wheel the frontend is pre-built, so setting `SCARF_ANALYTICS=false`
at container runtime (Helm `extraEnv`, docker/.env, etc.) had no effect —
the documented opt-out simply didn't work for most deployments (#32110).

Expose `SCARF_ANALYTICS` as a backend config read from the environment and
ship it to the client via the bootstrap payload (`FRONTEND_CONF_KEYS`), then
have RightMenu pass it to `<TelemetryPixel enabled>`. The build-time
`process.env` check is kept as a short-circuit for source builds. Default is
unchanged (telemetry on unless explicitly disabled).

Docs (Kubernetes, Docker Compose, FAQ) updated to document the runtime
opt-out; the k8s page previously only covered opting out of image-pull
telemetry, not the pixel.

Fixes #32110

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
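As an added illustration of the two changes described above (not code from the Superset repository): the pixel URL moves from the gateway path form to the static query-param form, and rendering is gated first by the webpack-inlined build-time flag and then by the runtime value shipped in the bootstrap payload. The function and interface names are hypothetical; the pixel ID is the one quoted in the PR description, and the build-time `process.env` value is modelled as a parameter so the snippet runs outside a bundler.

```typescript
// Added example, not Superset's own TelemetryPixel code.
const SCARF_STATIC_PIXEL = "https://static.scarf.sh/a.png";
const SCARF_PIXEL_ID = "0d3461e1-abb1-4691-a0aa-5ed50de66af0"; // ID quoted in the PR

interface PixelDims {
  version: string;
  sha: string;
  build: string;
}

// Before (#41129): dimensions as path segments on the gateway route, which 302s to the static pixel.
function gatewayPixelSrc(d: PixelDims): string {
  return `https://apachesuperset.gateway.scarf.sh/pixel/${SCARF_PIXEL_ID}/${d.version}/${d.sha}/${d.build}`;
}

// After (#41129): hit the static endpoint directly, same dimensions as query params, no redirect hop.
// URLSearchParams also percent-encodes any dimension value that is not URL-safe.
function staticPixelSrc(d: PixelDims): string {
  const url = new URL(SCARF_STATIC_PIXEL);
  url.searchParams.set("x-pxid", SCARF_PIXEL_ID);
  url.searchParams.set("version", d.version);
  url.searchParams.set("sha", d.sha);
  url.searchParams.set("build", d.build);
  return url.toString();
}

// Gating (#41124): the build-time flag (webpack-inlined process.env.SCARF_ANALYTICS, passed in here)
// short-circuits for source builds; otherwise the runtime config value from the bootstrap payload
// decides. Default is unchanged: telemetry stays on unless explicitly disabled.
function telemetryEnabled(buildTimeFlag: string | undefined, runtimeFlag: boolean | undefined): boolean {
  if (buildTimeFlag === "false") return false;
  return runtimeFlag !== false;
}

// The checks the PR's test describes: static.scarf.sh origin, all dimension params present,
// and no gateway.scarf.sh host anywhere in the emitted src.
function pixelSrcIsCompliant(src: string): boolean {
  const url = new URL(src);
  if (url.origin !== "https://static.scarf.sh") return false;
  if (url.hostname.endsWith("gateway.scarf.sh")) return false;
  return ["x-pxid", "version", "sha", "build"].every((k) => url.searchParams.get(k) !== null);
}
```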
@dosubot dosubot Bot added the change:frontend Requires changing the frontend label Jun 16, 2026
@bito-code-review

bito-code-review Bot commented Jun 16, 2026

Contributor

Code Review Agent Run #cd5607

Actionable Suggestions - 0
Additional Suggestions - 2
  • docs/admin_docs/security/security.mdx - 1
    • Documentation consistency gap · Line 595-595
      The `apachesuperset.gateway.scarf.sh` domain is correctly removed from the CSP example as it is not used by Superset. However, the same domain remains in versioned docs (version-6.0.0 and version-6.1.0 security docs), creating documentation inconsistency. Consider removing it from those files as well to maintain alignment with the current documentation.
  • superset-frontend/src/features/home/RightMenu.tsx - 1
    • Missing test coverage for SCARF_ANALYTICS · Line 136-136
      The new SCARF_ANALYTICS runtime opt-out feature lacks test coverage in RightMenu.test.tsx. Add tests verifying the TelemetryPixel renders/hides based on SCARF_ANALYTICS config values (undefined, true, false).
Review Details
  • Files reviewed - 11 · Commit Range: 7893678..a094976
    • docs/admin_docs/installation/docker-compose.mdx
    • docs/admin_docs/installation/kubernetes.mdx
    • docs/admin_docs/security/security.mdx
    • docs/docs/faq.mdx
    • superset-frontend/packages/superset-ui-core/src/components/TelemetryPixel/TelemetryPixel.test.tsx
    • superset-frontend/packages/superset-ui-core/src/components/TelemetryPixel/index.tsx
    • superset-frontend/src/features/home/RightMenu.tsx
    • superset-frontend/src/features/home/types.ts
    • superset/config.py
    • superset/views/base.py
    • tests/unit_tests/views/test_base.py
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
    • Eslint (Linter) - ✔︎ Successful
    • MyPy (Static Code Analysis) - ✔︎ Successful
    • Astral Ruff (Static Code Analysis) - ✔︎ Successful

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

  • /review - Manually triggers a full AI review.

  • /pause - Pauses automatic reviews on this pull request.

  • /resume - Resumes automatic reviews.

  • /resolve - Marks all Bito-posted review comments as resolved.

  • /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset. You can customize the agent settings here or contact your Bito workspace admin at evan@preset.io.

Documentation & Help

AI Code Review powered by Bito Logo

@github-actions github-actions Bot added doc Namespace | Anything related to documentation packages labels Jun 16, 2026
@netlify

netlify Bot commented Jun 16, 2026


Deploy Preview for superset-docs-preview ready!

Name Link
🔨 Latest commit 2b7f5b0
🔍 Latest deploy log https://app.netlify.com/projects/superset-docs-preview/deploys/6a31eb4e6c46d200081e8110
😎 Deploy Preview https://deploy-preview-41129--superset-docs-preview.netlify.app

The in-app telemetry pixel loaded from the Scarf Gateway redirect
(apachesuperset.gateway.scarf.sh/pixel/...), which Chrome/Brave/Firefox
and some extensions flag as a tracking redirect — surfacing Superset as a
"dangerous"/phishing site for some users (#32110).

Point the pixel at Scarf's native static endpoint that the gateway route
already forwards to:

  https://static.scarf.sh/a.png?x-pxid=<id>&version=..&sha=..&build=..

Same pixel ID and the same version/sha/build dimensions (now query params),
so telemetry is unchanged — only the flagged redirect hop is removed.
static.scarf.sh was already in the CSP img-src allowlists; the gateway host
is left in CSP so cached older bundles keep working during rollout.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@rusackas rusackas force-pushed the fix/scarf-pixel-static-url branch from a094976 to 7e46423 Compare June 16, 2026 19:03
@codecov

codecov Bot commented Jun 16, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.30%. Comparing base (6a1091d) to head (8990a70).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #41129      +/-   ##
==========================================
- Coverage   64.30%   64.30%   -0.01%     
==========================================
  Files        2652     2652              
  Lines      144809   144812       +3     
  Branches    33417    33419       +2     
==========================================
- Hits        93125    93123       -2     
- Misses      50020    50023       +3     
- Partials     1664     1666       +2     
Flag Coverage Δ
hive 39.33% <100.00%> (+<0.01%) ⬆️
javascript 68.45% <100.00%> (+<0.01%) ⬆️
mysql 58.03% <100.00%> (+<0.01%) ⬆️
postgres 58.09% <100.00%> (-0.01%) ⬇️
presto 40.90% <100.00%> (+<0.01%) ⬆️
python 59.54% <100.00%> (-0.01%) ⬇️
sqlite 57.72% <100.00%> (+<0.01%) ⬆️
unit 100.00% <ø> (ø)


@bito-code-review

bito-code-review Bot commented Jun 16, 2026

Contributor

Code Review Agent Run #315ebc

Actionable Suggestions - 0
Additional Suggestions - 1
  • superset-frontend/packages/superset-ui-core/src/components/TelemetryPixel/TelemetryPixel.test.tsx - 1
    • Test isolation gap for env mutations · Line 35-44
      Tests mutate `process.env.SCARF_ANALYTICS` without per-test isolation. The `afterAll` restore happens once at the end, not between tests. Parallel test execution or test reordering could cause state leakage.
Review Details
  • Files reviewed - 10 · Commit Range: 7893678..7e46423
    • docs/admin_docs/installation/docker-compose.mdx
    • docs/admin_docs/installation/kubernetes.mdx
    • docs/docs/faq.mdx
    • superset-frontend/packages/superset-ui-core/src/components/TelemetryPixel/TelemetryPixel.test.tsx
    • superset-frontend/packages/superset-ui-core/src/components/TelemetryPixel/index.tsx
    • superset-frontend/src/features/home/RightMenu.tsx
    • superset-frontend/src/features/home/types.ts
    • superset/config.py
    • superset/views/base.py
    • tests/unit_tests/views/test_base.py
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
    • Eslint (Linter) - ✔︎ Successful
    • MyPy (Static Code Analysis) - ✔︎ Successful
    • Astral Ruff (Static Code Analysis) - ✔︎ Successful


Comment thread tests/unit_tests/views/test_base.py
@bito-code-review

Contributor

The suggestion to add a docstring to the new test function is correct and improves code documentation. You can resolve this by adding a docstring that describes the test's purpose, as shown below:

def test_scarf_analytics_is_exposed_to_frontend_config() -> None:
    """Verify that SCARF_ANALYTICS is exposed in frontend config keys."""
    # Exposed at runtime so pre-built images can opt out via the SCARF_ANALYTICS
    # config/env var (the webpack build-time flag cannot be changed there).
    from superset.views.base import FRONTEND_CONF_KEYS

    assert "SCARF_ANALYTICS" in FRONTEND_CONF_KEYS

I have checked the other comments on this PR, and there are no other pending review comments to address. Please let me know if you would like me to assist with anything else.

tests/unit_tests/views/test_base.py

def test_scarf_analytics_is_exposed_to_frontend_config() -> None:
    """Verify that SCARF_ANALYTICS is exposed in frontend config keys."""
    # Exposed at runtime so pre-built images can opt out via the SCARF_ANALYTICS
    # config/env var (the webpack build-time flag cannot be changed there).
    from superset.views.base import FRONTEND_CONF_KEYS

    assert "SCARF_ANALYTICS" in FRONTEND_CONF_KEYS

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@bito-code-review

bito-code-review Bot commented Jun 17, 2026

Contributor

Code Review Agent Run #de501d

Actionable Suggestions - 0
Review Details
  • Files reviewed - 1 · Commit Range: 7e46423..8990a70
    • tests/unit_tests/views/test_base.py
  • Files skipped - 0
  • Tools
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
    • MyPy (Static Code Analysis) - ✔︎ Successful
    • Astral Ruff (Static Code Analysis) - ✔︎ Successful

