HTML Custom Widget: Disable Sandbox or Work Around #2331
Closed
cgorman-cu
started this conversation in
General
Replies: 1 comment
-
I just figured it out. You can't use Custom HTML code it interact with window.parent; instead, you need to import a custom widget. In npm for the project that you are importing, you have to use the @azure/api-management-custom-widgets-tools package to get data about the windows.parent page. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello,
I have the Azure hosted Developer portal.
Is there any way to deploy Custom HTML code in a different way than what is currently implemented?
JavaScript code in my Custom HTML code needs to access the window.parent property.
However there is no hostname for the Custom HTML, I am pretty sure that the Custom HTML code are loaded from as a widget from a local file-system with sandbox enabled, which prevents access to the parent document.
I want to refrain from disabling sandbox for security reasons; instead, I want to change how the Custom HTML is loaded.
Could I have the the Custom HTML code/widget loaded from the same server, so it has the same origin that the Developer Portal has?
That way I don't have to deal with CORS and the Custom HTML can access the properties that I need.
Or would it be easier to import a Custom TypeScript Widget and add a CORS policy that allows the domain from the server that is hosting the TypeScript Widget?
Beta Was this translation helpful? Give feedback.
All reactions