Knowledge Drop

Does the embedded domain allowlist admin panel option support wildcards?

  • 7 May 2021
  • 1 reply

Last tested: Mar 30, 2021

Short answer: Looker may allow wildcards in the embed domain list, but browsers generally do not allow wildcards in domain names for browser security contexts.

Longer answer: The Looker allowlist will allow wildcards, the browser will not. However, in the context of any given page, you just have to ensure that the parent page passes the correct of the two origins that you are using for that specific page load (via the embed_domain parameter), then Looker will use that and it should work

For Example:

In the admin UI we would put https://*
In the embed URL we would put the actual page we are embedding on


This content is subject to limited support.                


1 reply

Userlevel 1

Note that sub-sub domains need to be added separately: will need to be in the allowlist as https://* (https://* will not cover it)