
Unable to make Databricks API calls from an HTML iframe rendered by a notebook's `displayHTML()` call, due to the browser enforcing CORS policy.

LanceYoung
New Contributor III

My Goal

I want to make my Databricks Notebooks more interactive and have custom HTML/JS UI widgets that guide non-technical people through a business/data process. I want the HTML/JS widget to be able to execute a DB job, or execute some python code to render the result.

How I thought to achieve it

I understand this can be achieved to some degree using a combination of python and the `displayHTML()` to render the widgets in a cell's output.

A problem I faced

Because of the CORS policy enforcing 'allow-same-origin', and HTML iframe code being fetched from a 'databricksusercontent.com' URL, the browser blocks the request (i.e. my Azure Databricks API URL is 'azuredatabricks.net').

What I'm looking for

To be able to make API calls from a notebook's iframe (using HTML/JS rendered with displayHTML()) without telling the browser application to ignore CORS policy enforcement when visiting my Databricks workspace website.

Accepted Solutions

Atanu
Esteemed Contributor
  • displayHTML content is served in production from an iframe on the domain databricksusercontent.com
  • This iframe is sandboxed and it seems to prevent any calls
  • So even by creating a CORS-friendly server in the notebook exposed through the driver-proxy-api, it's not called from the sandbox.
  • Try to escape the iframe sandboxing by opening a popup, but it seems to inherit the same issue (although it's not clear why, as there's the flag allow-popups-to-escape-sandbox)
  • Try to serve the upload form from the server inside the notebook and displaying it as a webpage (in an iframe or a popup) with a convenient origin, but that doesn't work as the Authentication header is mandatory to call the driver-proxy-api. So the suspect - You can definitely make ajax calls from inside the iframe sandbox. I suspect auth wasn't properly configured for the driver-proxy endpoint.
  • you can put auth for driver-proxy-api endpoints with a token=<api_token> param in the url
  • I'm pretty sure the driver proxy is available on all clouds, but it probably isn't available on all cluster types.
  • Please look at my uploaded dbc file which may be helpful.
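
The browser-side check this thread keeps running into, as an added example that is not part of any post and is not Databricks code: a simplified model of how the browser derives the iframe's origin from its sandbox tokens and then applies CORS to a request carrying an `Authorization` header. The hostnames and the `/api/placeholder` path are constructed; the sandbox token list is the one quoted in the thread.

```javascript
// Added example: simplified model of the browser's CORS decision for a fetch()
// from the displayHTML() iframe. Hostnames and the API path are constructed.

// Origin the browser assigns to the iframe document, given its sandbox tokens.
function frameOrigin(frameUrl, sandbox) {
  // Without allow-same-origin a sandboxed frame gets an opaque origin ("null").
  return sandbox.includes("allow-same-origin") ? new URL(frameUrl).origin : "null";
}

// Request headers outside this safelist trigger a preflight (simplified list).
const SAFELISTED = ["accept", "accept-language", "content-language"];

// responseHeaders stands for what the server sends on preflight and response.
function corsDecision({ frameUrl, sandbox, targetUrl, requestHeaders, responseHeaders }) {
  if (!sandbox.includes("allow-scripts")) return "blocked: scripts disabled by sandbox";
  const origin = frameOrigin(frameUrl, sandbox);
  if (origin === new URL(targetUrl).origin) return "allowed: same-origin";
  const res = {};
  for (const [k, v] of Object.entries(responseHeaders)) res[k.toLowerCase()] = v;
  const allowOrigin = res["access-control-allow-origin"];
  if (allowOrigin !== "*" && allowOrigin !== origin) {
    return "blocked: Access-Control-Allow-Origin does not match " + origin;
  }
  const allowed = (res["access-control-allow-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase());
  for (const name of Object.keys(requestHeaders).map((h) => h.toLowerCase())) {
    if (SAFELISTED.includes(name)) continue;
    // Authorization must be listed by name; the "*" wildcard does not cover it.
    const ok = allowed.includes(name) || (name !== "authorization" && allowed.includes("*"));
    if (!ok) return "blocked: preflight does not allow header " + name;
  }
  return "allowed: cross-origin with CORS headers";
}

const base = {
  frameUrl: "https://example.databricksusercontent.com/frame.html", // constructed
  sandbox: ("allow-scripts allow-popups allow-popups-to-escape-sandbox " +
    "allow-forms allow-same-origin allow-downloads").split(" "), // from the thread
  targetUrl: "https://example.azuredatabricks.net/api/placeholder", // constructed
  requestHeaders: { Authorization: "Bearer <api_token>" },
};
const FRAME_ORIGIN = "https://example.databricksusercontent.com";
console.log(corsDecision({ ...base, responseHeaders: {} }));
console.log(corsDecision({ ...base, responseHeaders: {
  "Access-Control-Allow-Origin": FRAME_ORIGIN,
  "Access-Control-Allow-Headers": "Authorization" } }));
```

The first call models a server that returns no CORS headers; the second shows response headers that satisfy the check for this origin and header.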


7 REPLIES

-werners-
Esteemed Contributor III

There are a few settings in the admin console of databricks, f.e. "Thirdparty iFraming prevention".

You might wanna look into that, but I am not sure if that would help you.

It might be better to look into something like PowerApps which then launches a notebook (using ADF f.e.).

LanceYoung
New Contributor III

Ah thank you

Yes, I see why you'd recommend PowerApps. Though, when my colleague tried them as a Desktop Application, they were limited to a phone-like view.

Anyway, thanks for pointing out the admin console option, I missed that one.

I tried it, though it doesn't seem to relieve the issue. Here are my iframe 'sandbox' attributes after disabling the Thirdparty iFrame prevention:

allow-scripts allow-popups allow-popups-to-escape-sandbox allow-forms allow-same-origin allow-downloads

Kaniz
Community Manager

Hi @Lance Young,

Here @Werner Stinckens is talking about this in your Settings -> Admin Console -> Workspace Settings -> Advanced.

Please enable this feature and check if this helps.


j_anderson24
New Contributor II

I am dealing with a very similar issue attempting to embed the raiwidgets fairlearn dashboard into a workspace. The setting mentioned above has not had an impact and the dashboard still continues to spin due to the CORS error where the databricksusercontent.com content is attempting to retrieve from the azuredatabricks.net domain.

Bump - agreed. Doesn't work after changing the setting.

The attributes given to the iframe HTML tag that is to display the output don't change even with updating that setting.

Don't have too much web dev experience with CORS - this could be the wrong thing to point out.

Kaniz
Community Manager

Hi @Lance Young, Just a friendly follow-up. Do you still need help, or have you resolved your problem using the above solutions? Please let us know.
