cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Unable to make Databricks API calls from an HTML iframe rendered by a notebook's `displayHTML()` call, due to the browser enforcing CORS policy.

Go to solution
LanceYoung
New Contributor III

‎03-19-2022 08:43 PM

My Goal

I want to make my Databricks Notebooks more interactive and have custom HTML/JS UI widgets that guide non-technical people through a business/data process. I want the HTML/JS widget to be able to execute a DB job, or execute some python code to render the result.

How I thought to achieve it

I understand this can be achieved to some degree using a combination of python and the `displayHTML()` to render the widgets in a cell's output.

A problem I faced

Because of the CORS policy enforcing 'allow-same-origin', and HTML iframe code being fetched from a 'databricksusercontent.com' url, the browser blocks the request (ie. my Azure Databricks API url is 'azuredatabricks.net').

What I'm looking for

To be able to make API calls from a notebook's iframe (using HTML/JS rendered with displayHTML()) without telling the browser application to ignore CORS policy enforcement when visiting my Databricks workspace website.

1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Atanu
Databricks Employee
Databricks Employee

‎04-17-2022 10:16 AM

  • displayHTML content is served in production from an iframe on the domain databricksusercontent.com
  • This iframe is sandboxed and it seems to prevent any calls
  • So even by creating a CORS-friendly server in the notebook exposed through the driver-proxy-api, it's not called from the sandbox.
  • Try to escape the iframe sandboxing by opening a popup, but it seems to inherit the same issue (although it's not clear why, as there's the flag allow-popups-to-escape-sandbox)
  • Try to serve the upload form from the server inside the notebook and displaying it as a webpage (in an iframe or a popup) with a convenient origin, but that doesn't work as the Auhentication header is mandatory to call the driver-proxy-api. So the suspect - You can definitely make ajax calls from inside the iframe sandbox. I suspect auth wasn't properly configured for the driver-proxy endpoint.
  • you can put auth for driver-proxy-api endpoints with a  token=<api_token> param in the url
  • I'm pretty sure the driver proxy is available on all clouds, but it probably isn't available on all cluster types.
  • Please look at my uploaded dbc file which may be helpful.

View solution in original post

5 REPLIES 5

Go to solution
-werners-
Esteemed Contributor III

‎03-21-2022 02:57 AM

There are a few settings in the admin console of databricks, f.e. "Thirdparty iFraming prevention".

You might wanna look into that, but I am not sure if that would help you.

It might be better to look into something like PowerApps which then launches a notebook (using ADF f.e.).

Go to solution
LanceYoung
New Contributor III
In response to -werners-

‎03-22-2022 02:42 PM

Ah thank you

Yes, I see why you'd recommend PowerApps. Though, when my colleague tried them as a Desktop Application, they were limited to a phone-like view.

Anyway, thanks for pointing out the admin console option, I missed that one.

I tried it, though it doesn't seem to relieve the issue. Here are my iframe 'sandbox' attributes after disabling the Thirdparty iFrame prevention:

allow-scripts allow-popups allow-popups-to-escape-sandbox allow-forms allow-same-origin allow-downloads

Go to solution
j_anderson24
New Contributor II
In response to Retired_mod

‎04-11-2022 02:31 PM

I am dealing with a very similar issue attempting to embed the raiwidgets fairlearn dashboard into a workspace. The setting mentioned above has not had an impact and the dashboard still continues to spin due to the CORS error where the databricksusercontent.com content is attempting to retrieve from the azuredatabricks.net domain.

Go to solution
LanceYoung
New Contributor III
In response to j_anderson24

‎04-11-2022 09:03 PM

Bump - agreed. Doesn't work after changing the setting.

The attributes given to the iframe HTML tag that is to display the output don't change even with updating that setting.

Don't have too much web dev experience with CORS - this could be the wrong thing to point out.

0 Kudos

Go to solution
Atanu
Databricks Employee
Databricks Employee

‎04-17-2022 10:16 AM

  • displayHTML content is served in production from an iframe on the domain databricksusercontent.com
  • This iframe is sandboxed and it seems to prevent any calls
  • So even by creating a CORS-friendly server in the notebook exposed through the driver-proxy-api, it's not called from the sandbox.
  • Try to escape the iframe sandboxing by opening a popup, but it seems to inherit the same issue (although it's not clear why, as there's the flag allow-popups-to-escape-sandbox)
  • Try to serve the upload form from the server inside the notebook and displaying it as a webpage (in an iframe or a popup) with a convenient origin, but that doesn't work as the Auhentication header is mandatory to call the driver-proxy-api. So the suspect - You can definitely make ajax calls from inside the iframe sandbox. I suspect auth wasn't properly configured for the driver-proxy endpoint.
  • you can put auth for driver-proxy-api endpoints with a  token=<api_token> param in the url
  • I'm pretty sure the driver proxy is available on all clouds, but it probably isn't available on all cluster types.
  • Please look at my uploaded dbc file which may be helpful.

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements