
Unable to make Databricks API calls from an HTML iframe rendered by a notebook's `displayHTML()` call, due to the browser enforcing CORS policy.

LanceYoung
New Contributor III

My Goal

I want to make my Databricks Notebooks more interactive and have custom HTML/JS UI widgets that guide non-technical people through a business/data process. I want the HTML/JS widget to be able to execute a DB job, or execute some python code to render the result.

How I thought to achieve it

I understand this can be achieved to some degree using a combination of python and the `displayHTML()` to render the widgets in a cell's output.

A problem I faced

Because of the CORS policy enforcing 'allow-same-origin', and HTML iframe code being fetched from a 'databricksusercontent.com' URL, the browser blocks the request (i.e. my Azure Databricks API URL is 'azuredatabricks.net').

What I'm looking for

To be able to make API calls from a notebook's iframe (using HTML/JS rendered with displayHTML()) without telling the browser application to ignore CORS policy enforcement when visiting my Databricks workspace website.

1 ACCEPTED SOLUTION

Accepted Solutions

Atanu
Databricks Employee
  • displayHTML content is served in production from an iframe on the domain databricksusercontent.com
  • This iframe is sandboxed and it seems to prevent any calls
  • So even by creating a CORS-friendly server in the notebook exposed through the driver-proxy-api, it's not called from the sandbox.
  • Try to escape the iframe sandboxing by opening a popup, but it seems to inherit the same issue (although it's not clear why, as there's the flag allow-popups-to-escape-sandbox)
  • Try to serve the upload form from the server inside the notebook and displaying it as a webpage (in an iframe or a popup) with a convenient origin, but that doesn't work as the Authentication header is mandatory to call the driver-proxy-api. So the suspect - You can definitely make ajax calls from inside the iframe sandbox. I suspect auth wasn't properly configured for the driver-proxy endpoint.
  • You can put auth for driver-proxy-api endpoints with a `token=<api_token>` param in the URL
  • I'm pretty sure the driver proxy is available on all clouds, but it probably isn't available on all cluster types.
  • Please look at my uploaded dbc file which may be helpful.


5 REPLIES 5

-werners-
Esteemed Contributor III

There are a few settings in the admin console of databricks, f.e. "Thirdparty iFraming prevention".

You might wanna look into that, but I am not sure if that would help you.

It might be better to look into something like PowerApps which then launches a notebook (using ADF f.e.).

LanceYoung
New Contributor III

Ah thank you

Yes, I see why you'd recommend PowerApps. Though, when my colleague tried them as a Desktop Application, they were limited to a phone-like view.

Anyway, thanks for pointing out the admin console option, I missed that one.

I tried it, though it doesn't seem to relieve the issue. Here are my iframe 'sandbox' attributes after disabling the Thirdparty iFrame prevention:

allow-scripts allow-popups allow-popups-to-escape-sandbox allow-forms allow-same-origin allow-downloads
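
The origin comparison behind the error discussed in this thread, as an added example that is not part of the original posts or of Databricks' code: it models which origin a sandboxed iframe gets and whether the browser's CORS check lets its script read a cross-origin response. The hostnames are constructed placeholders, and the model covers only the response-header check (no preflight).

```javascript
// Simplified model of the browser's CORS check for a fetch() made from an
// iframe. Hostnames are constructed placeholders; preflight is not modelled.

// Origin the browser assigns to the framed document.
// sandbox === null means the iframe has no sandbox attribute.
function effectiveOrigin(frameSrc, sandbox) {
  if (sandbox !== null) {
    const tokens = new Set(sandbox.toLowerCase().split(/\s+/).filter(Boolean));
    // Without allow-same-origin the document gets an opaque origin,
    // which is sent as the literal string "null" in the Origin header.
    if (!tokens.has("allow-same-origin")) return "null";
  }
  return new URL(frameSrc).origin;
}

// Decide whether script in the frame may read the response from `target`.
function corsCheck({ frameSrc, sandbox, target, credentials = false, responseHeaders = {} }) {
  const origin = effectiveOrigin(frameSrc, sandbox);
  if (origin !== "null" && origin === new URL(target).origin) {
    return { origin, allowed: true, reason: "same-origin" };
  }
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;
  const acao = h["access-control-allow-origin"];
  if (acao === undefined) return { origin, allowed: false, reason: "no Access-Control-Allow-Origin" };
  if (!credentials && acao === "*") return { origin, allowed: true, reason: "wildcard" };
  if (acao !== origin) return { origin, allowed: false, reason: "origin mismatch" };
  if (!credentials || h["access-control-allow-credentials"] === "true") {
    return { origin, allowed: true, reason: "origin echoed" };
  }
  return { origin, allowed: false, reason: "credentials not allowed" };
}

// Constructed sample: sandbox tokens as quoted in the thread, placeholder hosts.
const SANDBOX = "allow-scripts allow-popups allow-popups-to-escape-sandbox " +
  "allow-forms allow-same-origin allow-downloads";
const FRAME = "https://frame-placeholder.databricksusercontent.com/widget.html";
const API = "https://workspace-placeholder.azuredatabricks.net/api/placeholder";

function demo() {
  const base = { frameSrc: FRAME, sandbox: SANDBOX, target: API };
  const echo = { "Access-Control-Allow-Origin": new URL(FRAME).origin };
  return {
    noHeader: corsCheck(base),
    echoed: corsCheck({ ...base, responseHeaders: echo }),
    opaque: corsCheck({ ...base, sandbox: "allow-scripts", responseHeaders: echo }),
    wildcardWithCreds: corsCheck({ ...base, credentials: true, responseHeaders: { "Access-Control-Allow-Origin": "*" } }),
  };
}
```
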

I am dealing with a very similar issue attempting to embed the raiwidgets fairlearn dashboard into a workspace. The setting mentioned above has not had an impact and the dashboard still continues to spin due to the CORS error where the databricksusercontent.com content is attempting to retrieve from the azuredatabricks.net domain.

Bump - agreed. Doesn't work after changing the setting.

The attributes given to the iframe HTML tag that is to display the output don't change even with updating that setting.

Don't have too much web dev experience with CORS - this could be the wrong thing to point out.

