topic Add "allow-same-origin" value to iframe's attribute sandbox in Developer

Add "allow-same-origin" value to iframe's attribute sandbox

muy — Wed, 18 Jan 2017 06:59:45 GMT

I'm developing a custom visual for map visualization and encounter the following error:

"Uncaught DOMException: Failed to read the 'sessionStorage' property from 'Window': The document is sandboxed and lacks the 'allow-same-origin' flag."

So is there anyway to add the "allow-same-origin" flag to the iframe that load my visual?

Re: Add "allow-same-origin" value to iframe's attribute sandbox

v-chuncz-msft — Thu, 19 Jan 2017 09:55:48 GMT

@muy,

Based on my experience, this can‘t be achieved. You could also reach out for help at GitHub.

Re: Add "allow-same-origin" value to iframe's attribute sandbox

muy — Fri, 20 Jan 2017 00:26:09 GMT

Thanks for the reply Sam.

I had spent some time looking into this, but couldn't find any solutions as well.

Re: Add "allow-same-origin" value to iframe's attribute sandbox

v-chuncz-msft — Fri, 03 Feb 2017 10:04:46 GMT

@muy,

You may keep an eye on Custom Visuals blog for the latest info.

Re: Add "allow-same-origin" value to iframe's attribute sandbox

ryanbaumann — Sun, 13 Aug 2017 18:08:32 GMT

I could use this as well. I receive this error in the console while developing any Custom Visual using Chrome v60.

Re: Add "allow-same-origin" value to iframe's attribute sandbox

v-viig — Mon, 14 Aug 2017 10:03:21 GMT

Power BI Custom Visuals API doesn't allow to use local storage, session storage and cookie due to security aspects.

You might keep a session in Power BI capabilities' properties.

Ignat Vilesov,

Software Engineer

Microsoft Power BI Custom Visuals

pbicvsupport@microsoft.com

Re: Add "allow-same-origin" value to iframe's attribute sandbox

Cubist — Sun, 24 Sep 2017 18:05:39 GMT

There is good news and bad news.

The bad news is that what you're asking for, adding the "allow-same-origin" permission to sandboxed visuals, has a snowballs chance in hell of happening. It's considered by many to be risky from a security perspective, and Microsoft has to have insane vigilence around security, I can't see them ever doing this.

The good news is there are workarounds for these limitations, one of them might allow you to still meet your goal. I've been wanting to get around to blogging about PBI sandboxing, and developing custom visuals in general, maybe something like Power BI Custom Visuals In-Depth, but you know it's tough to get free time...

What I would suggest in your case is to let us know, why you want to use session storage? What user level requirement is driving it? That way people here can offer suggestions on how to achieve what you need technically while perserving the experience for your end users.

Re: Add "allow-same-origin" value to iframe's attribute sandbox

ryanbaumann — Sun, 24 Sep 2017 20:19:12 GMT

Thanks for replying! I managed to get this to work without needing the allow-same-origin flag. My custom visual is here https://github.com/ryanbaumann/mapboxgl-powerBI.

The solution did not have to do with the allow same origin flag. Instead I had an error that was not written to the debug console which caused the custom visual to not load properly. I still see the allow same origin error, but it does not effect my app.

Thank you!

Re: Add "allow-same-origin" value to iframe's attribute sandbox

jgreg14 — Thu, 04 Feb 2021 10:20:13 GMT

Hey @ryanbaumann - how did you get this working?

Re: Add "allow-same-origin" value to iframe's attribute sandbox

NUCRjs2 — Fri, 13 Sep 2024 00:58:37 GMT

The map is possible because there is a mapbox visual training for Power BI that uses them. Something else is causing the error. How can we trouble shoot?

Mapbox Tutorial Power BI 101 https://www.youtube.com/watch?v=0w589b5_Z3o