tikluganguly
New Member

PowerBI Embedded fails to load report (403) when the web app client runs from another server

Hi Guys,

 

I have a web app front end running via "Cordova run browser" and the backend is served via asp.net MVC WebAPI. The frontend is running on port 8000 and the asp.net MVC backend is running on port 1234. When the web frontend wants to render the report it makes a call to the backend, gets the token and is supposed to render it in the front end. But I am getting the following error.

 

GET wabi-us-north-central-redirect.analysis.windows.net/appTokenEmbed/reports/35e2f4ee-b89d-4a81-a698-76ae6f60c195/modelsAndExploration:1 GET https://wabi-us-north-central-redirect.analysis.windows.net/appTokenEmbed/reports/35e2f4ee-b89d-4a81-a698-76ae6f60c195/modelsAndExploration 403 (Forbidden) 

 

I had previously made a POC app where frontend and backend were running from the same server (asp.net WebAPI backend, HTML frontend), and it is working fine. Any idea why? Does the token only work on the originating website?

 

Regards

Tiklu

7 REPLIES
jmalissa
New Member

Adding "frame-src https://app.powerbi.com/;" to my content security policy fixed this for me.

Eric_Zhang
Microsoft Employee


           I have a web app front end running via "Cordova run browser" and the backend is served via asp.net MVC WebAPI. The frontend running on port 8000 and the asp.net MVC backend is running on port 1234.  When the web frontend wants to render the report it makes a call to the backend. Gets the token and is supposed to render it in the front end. But I am getting the following error.

Tiklu


@tikluganguly

How do you make the call and what is the response? Technically you can even embed a report in Power BI Embedded with a static html, which means, to render a report, only the embedded url and access token are needed. How did you get the embedded url and token in your case?

 

<html>  
 <script src="https://microsoft.github.io/PowerBI-JavaScript/demo/node_modules/jquery/dist/jquery.js"></script>
<script src="https://microsoft.github.io/PowerBI-JavaScript/demo/node_modules/powerbi-client/dist/powerbi.js"></script>
<script type="text/javascript">
window.onload = function () {   

var embedConfiguration = {
    type: 'report',
    accessToken: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXIiOiIwLjIuMCIsInR5cGUiOiJlbWJlZCIsIndjbiI6Indya3NwY0NsbGN0bjRQQkkiLCJ3aWQiOiJiN2NmNDMzYi00MzdjLTRjYTUtOWRmMi1kOWZkODIxODI0NjEiLCJyaWQiOiJhMzQwMDQ5YS03ZjJiLTQyZDAtOWQwZC0yMGJhMjRjMmUyMGIiLCJ1c2VybmFtZSI6IjEwMDA4NSIsInJvbGVzIjoicHJvdmlkZXIiLCJpc3MiOiJQb3dlckJJU0RLIiwiYXVkIjoiaHR0cHM6Ly9hbmFseXNpcy53aW5kb3dzLm5ldC9wb3dlcmJpL2FwaSIsImV4cCI6MTQ5NTQ1MDQzNywibmJmIjoxNDk1NDQ2ODM3fQ.HuDplvb2oelxjQmYvcLQcOrDP1ZPVwlEejO9Tb6dFYg',
     
    embedUrl: 'https://embedded.powerbi.com/appTokenReportEmbed?reportId=a340049a-7f2b-42d0-9d0d-20ba24c2e20b'

}; 
  
// Embed the report into the container element using the configuration above
var $reportContainer = $('#reportContainer'); 
var report = powerbi.embed($reportContainer.get(0), embedConfiguration); 

}
</script>
<div id="reportContainer"></div>
</html>

 

@Eric_Zhang

 

Hi Eric,

 

Thanks for the confirmation. I was thinking that the PowerBI token is tied to the originating site. Actually, as I told you, the front end is running via Cordova. And we have a <meta http-equiv="Content-Security-Policy" tag. My assumption is this tag is blocking the page. Any idea how I can make sure that CSP allows all the required sites in the app?
 
Regards
Tiklu

 


@tikluganguly wrote:

@Eric_Zhang

 

Hi Eric,

 

Thanks for the confirmation. I was thinking that the PowerBI token is tied to the originating site. Actually, as I told you, the front end is running via Cordova. And we have a <meta http-equiv="Content-Security-Policy" tag. My assumption is this tag is blocking the page. Any idea how I can make sure that CSP allows all the required sites in the app?
 
Regards
Tiklu

 


@Eric_Zhang

I don't know about Cordova and the problem is not pending on Power BI end then. To answer your question, I'd suggest you post it in the dedicated Cordova forum. You would get a more proper response there. 🙂

Hi @Eric_Zhang,

              Thanks for your reply. Let me ask the question to the Cordova forum. 

Regards

Tiklu

 Hi @Eric_Zhang,

 

 

I used your code with my report's embed url and token and it worked. So I am kind of sure that the issue is definitely with my CSP tag. My tag content is as follows

 

<meta http-equiv="Content-Security-Policy" content="script-src http://ecn.dev.virtualearth.net/ http://dev.virtualearth.net/ http://www.bing.com/ https://t0.ssl.ak.dynamic.tiles.virtualearth.net/ https://t1.ssl.ak.dynamic.tiles.virtualearth.net/ https://t2.ssl.ak.dynamic.tiles.virtualearth.net/ https://t3.ssl.ak.dynamic.tiles.virtualearth.net/ https://*.analysis.windows.net/ http://*.analysis.windows.net/ 'self' 'unsafe-inline' 'unsafe-eval';child-src https://*.analysis.windows.net/ http://*.analysis.windows.net/ https://www.bing.com/ https://embedded.powerbi.com/ https://login.microsoftonline.com/ 'self'; media-src *"
/>
 
Can you please let me know what exactly I should add to make sure that my app does not block the url of powerbi?
 
Regards
Tiklu
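
The policy posted above, checked with and without the frame-src directive from jmalissa's reply. This is an added example, not code from any post in this thread; it models only the frame-governing fallback (frame-src, then child-src, then default-src) and simple host sources. The function names, the http://localhost:8000 page origin and the https://app.powerbi.com/reportEmbed sample URL are assumptions constructed for the illustration.

```javascript
// Simplified model of how CSP decides whether a frame may load (added example).
// Handles scheme://host[/path] sources, "*." host wildcards, * and 'self'.
// Ports, nonces, hashes and http->https upgrade matching are not modelled.
// child-src and media-src as posted above; script-src shortened (it never governs frames).
const POSTED_POLICY =
  "script-src 'self' 'unsafe-inline' 'unsafe-eval';" +
  "child-src https://*.analysis.windows.net/ http://*.analysis.windows.net/ " +
  "https://www.bing.com/ https://embedded.powerbi.com/ " +
  "https://login.microsoftonline.com/ 'self'; media-src *";
// The same policy with the directive from jmalissa's reply appended.
const FIXED_POLICY = POSTED_POLICY + '; frame-src https://app.powerbi.com/';
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // Per CSP, the first occurrence of a directive wins; duplicates are ignored.
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

function sourceMatches(source, url, selfOrigin) {
  if (source === '*') return true;
  if (source === "'self'") return url.origin === selfOrigin;
  const m = /^(https?):\/\/([^/:]+)(\/.*)?$/.exec(source);
  if (!m) return false; // a source form this sketch does not model
  const [, scheme, host, path = '/'] = m;
  const hostOk = host.startsWith('*.')
    ? url.hostname.endsWith(host.slice(1)) // "*.example.net" needs a subdomain
    : url.hostname === host;
  // A path ending in "/" is a prefix match; any other path must match exactly.
  const pathOk = path.endsWith('/') ? url.pathname.startsWith(path) : url.pathname === path;
  return url.protocol === scheme + ':' && hostOk && pathOk;
}

// Frames are governed by frame-src, falling back to child-src, then default-src.
function frameAllowed(policy, frameUrl, selfOrigin) {
  const directives = parsePolicy(policy);
  const directive = ['frame-src', 'child-src', 'default-src'].find((d) => directives.has(d));
  if (!directive) return { allowed: true, directive: null }; // nothing restricts frames
  const url = new URL(frameUrl);
  const allowed = directives.get(directive).some((s) => sourceMatches(s, url, selfOrigin));
  return { allowed, directive };
}

const SELF = 'http://localhost:8000'; // constructed page origin (port taken from the post)
console.log(frameAllowed(POSTED_POLICY, 'https://app.powerbi.com/reportEmbed', SELF));
console.log(frameAllowed(FIXED_POLICY, 'https://app.powerbi.com/reportEmbed', SELF));
console.log(frameAllowed(FIXED_POLICY, 'https://embedded.powerbi.com/appTokenReportEmbed', SELF));
```

Once frame-src is present it alone governs frames, so hosts listed only in child-src (embedded.powerbi.com, *.analysis.windows.net) are no longer allowed as frame sources unless they are repeated in frame-src.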