https://community.fabric.microsoft.com/t5/Custom-Visuals-Development/Query-on-iFrame-Sandbox-Permissions-for-Custom-Visuals-in/m-p/3970121#M9798 <P>Hi&nbsp;<a href="https://community.fabric.microsoft.com/t5/user/viewprofilepage/user-id/753376">@jeromexshi</a>,</P> <P>&nbsp;</P> <P><SPAN>All you can do to get successful responses from an endpoint is if the <FONT face="courier new,courier">Access-Control-Allow-Origin</FONT> response header is configured as <FONT face="courier new,courier">*</FONT> or <FONT face="courier new,courier">null</FONT> (as custom visuals have a null origin due to the sandbox impositions). If you cannot work to these constraints, then there is currently no known workaround.</SPAN></P> <P>&nbsp;</P> <P><SPAN>If these have been set, then HTTP(S) endpoints should be callable per usual JS fetch methods.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Regards,</SPAN></P> <P>&nbsp;</P> <P><SPAN>Daniel</SPAN></P> Tue, 04 Jun 2024 03:11:14 GMT dm-p 2024-06-04T03:11:14Z https://community.fabric.microsoft.com/t5/Custom-Visuals-Development/Query-on-iFrame-Sandbox-Permissions-for-Custom-Visuals-in/m-p/3966595#M9743 <P>I am writing to seek clarification regarding the iFrame sandbox permissions for custom visuals in PowerBI. Specifically, since the sandbox only supports the "allow-scripts" permission, I am concerned about its impact on cross-domain requests.</P><P>Could this limitation be causing issues when attempting to pull origin information or resulting in null values when sending POST/OPTIONS requests to other domains? If so, what solutions are available to address this issue? Additionally, is it possible to loosen the restriction on sandbox permissions, or is there an alternative method to successfully pull origin information under the current constraints?</P> Sun, 02 Jun 2024 10:36:52 GMT https://community.fabric.microsoft.com/t5/Custom-Visuals-Development/Query-on-iFrame-Sandbox-Permissions-for-Custom-Visuals-in/m-p/3966595#M9743 jeromexshi 2024-06-02T10:36:52Z https://community.fabric.microsoft.com/t5/Custom-Visuals-Development/Query-on-iFrame-Sandbox-Permissions-for-Custom-Visuals-in/m-p/3970121#M9798 <P>Hi&nbsp;<a href="https://community.fabric.microsoft.com/t5/user/viewprofilepage/user-id/753376">@jeromexshi</a>,</P> <P>&nbsp;</P> <P><SPAN>All you can do to get successful responses from an endpoint is if the <FONT face="courier new,courier">Access-Control-Allow-Origin</FONT> response header is configured as <FONT face="courier new,courier">*</FONT> or <FONT face="courier new,courier">null</FONT> (as custom visuals have a null origin due to the sandbox impositions). If you cannot work to these constraints, then there is currently no known workaround.</SPAN></P> <P>&nbsp;</P> <P><SPAN>If these have been set, then HTTP(S) endpoints should be callable per usual JS fetch methods.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Regards,</SPAN></P> <P>&nbsp;</P> <P><SPAN>Daniel</SPAN></P> Tue, 04 Jun 2024 03:11:14 GMT https://community.fabric.microsoft.com/t5/Custom-Visuals-Development/Query-on-iFrame-Sandbox-Permissions-for-Custom-Visuals-in/m-p/3970121#M9798 dm-p 2024-06-04T03:11:14Z