This error is caused by a Content Security Policy (CSP) restriction on the Databricks dashboard, which prevents the dashboard from being embedded as an <iframe> on pages whose origins (domains) are not explicitly allowed in the frame-ancestors directive of the CSP header. When you introduce a login page (created with Dash/Plotly), it likely changes the domain or ancestor structure of your app, causing the dashboard to detect an unauthorized parent and block the iframe.
Problem Details
- The CSP header from Databricks specifies the following allowed frame-ancestors:
  - *.vocareum.com
  - *.docebosaas.com
  - *.edx.org
  - *.deloitte.com
  - *.cloudlabs.ai
  - *.databricks.com
  - *.myteksi.net
  - *.cc.capillarytech.com
  - *.intouch.capillarytech.com
- If your new login form (served via Dash/Plotly) is running on localhost, a custom domain, or any domain not in the list above, Databricks dashboards will refuse to be embedded inside your app via iframe due to this restriction.
Why It Worked Before
- When embedding from the Hello World template, the page may have loaded from an allowed ancestor (e.g., directly on Databricks).
- The change made by introducing a Dash/Plotly login form altered the ancestor/parent domain, causing the restriction.
Solutions & Workarounds
1. Serve the App from an Allowed Domain
- Serve the Dash/Plotly app from a domain listed in the frame-ancestors directive (e.g., *.databricks.com).
- This often isn't feasible without internal access or configuration.
2. Ask for Custom CSP Modification (Enterprise Feature)
- If part of an organization, contact Databricks support to add your custom domain to their CSP for your workspace.
- This is usually only possible for enterprise customers with admin access.
3. Proxy/Redirect
- Use a proxy server hosted on an allowed domain to serve both the login form and embedded dashboard.
- Complex and requires infrastructure changes.
4. Alternative Display Method
- Instead of iframing the dashboard, fetch the data via API and rebuild the dashboard inside Dash/Plotly after login. This avoids CSP issues but requires more development effort.
5. Open Dashboard in a New Tab
- After successful login, provide a link or button that opens the dashboard in a new tab/window, rather than embedding it.
Practical Guidance
- Most Databricks dashboards cannot be embedded in apps on domains not listed in their CSP, and this is enforced for security reasons.
- Workarounds such as CSP modification or proxying need organizational buy-in or infrastructure changes.
- For non-enterprise/individual users, recreating dashboard views within Dash or providing external links may be the only options.
In summary:
Your problem arises from a content security restriction, and unless you can host your login app on an allowed domain or have Databricks update the CSP, you will not be able to embed the dashboard post-login due to the CSP enforcement.
Reference
| Cause | Explanation | Possible Fix |
| --- | --- | --- |
| CSP Error | Embedding from an unlisted domain after login | Move to allowed domain or request CSP update |
| Allowed Only | Only listed domains can iframe Databricks dashboards | Serve from those domains or avoid iframe altogether |
| Proxy Option | Proxy via allowed domain | Requires infrastructure changes |
If more details about your specific deployment setup are available, further tailored steps can be recommended.
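
To check before deploying whether the origin serving your Dash app is covered by the frame-ancestors list above, the matching can be reproduced offline. This is an added example, not Databricks or Dash code: the header value is constructed from the hosts listed in this answer, the dashboard URL in the usage note is a placeholder, and matching is simplified to scheme-less, port-less host sources plus 'self' and *.

```python
from urllib.parse import urlsplit

# Constructed header value built from the hosts listed above, not a captured response.
SAMPLE_CSP = (
    "default-src 'self'; frame-ancestors *.vocareum.com *.docebosaas.com "
    "*.edx.org *.deloitte.com *.cloudlabs.ai *.databricks.com *.myteksi.net "
    "*.cc.capillarytech.com *.intouch.capillarytech.com"
)
DEFAULT_PORTS = {"http": 80, "https": 443}

def frame_ancestors(csp_header):
    """Return the frame-ancestors source list, or None if the directive is absent."""
    for directive in csp_header.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]
    return None

def host_matches(pattern, host):
    """CSP host match: '*.example.com' covers subdomains but not the apex domain."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and len(host) > len(pattern) - 1
    return pattern == host

def may_embed(csp_header, parent_url, framed_url):
    """True if a page at parent_url may frame framed_url under csp_header."""
    sources = frame_ancestors(csp_header)
    if sources is None:
        return True  # CSP places no restriction on framing
    parent, framed = urlsplit(parent_url), urlsplit(framed_url)
    p_port = parent.port or DEFAULT_PORTS.get(parent.scheme)
    f_port = framed.port or DEFAULT_PORTS.get(framed.scheme)
    for src in (s.lower() for s in sources):
        if src == "'self'":
            if (parent.scheme, parent.hostname, p_port) == (framed.scheme, framed.hostname, f_port):
                return True
            continue
        if ":" in src:
            continue  # assumption: sources carrying a scheme or port are not handled here
        # A scheme-less source takes the framed page's scheme (https also satisfies http).
        scheme_ok = parent.scheme == framed.scheme or (
            framed.scheme == "http" and parent.scheme == "https")
        # A source without a port only matches the scheme's default port.
        port_ok = p_port == DEFAULT_PORTS.get(parent.scheme)
        if scheme_ok and port_ok and (src == "*" or host_matches(src, parent.hostname or "")):
            return True
    return False
```

Calling `may_embed(SAMPLE_CSP, "http://localhost:8050/login", "https://workspace.example.invalid/dashboard")` returns False, which is the situation described above; paste the real header value from the blocked response in your browser's network tab to test your own origin.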