Does the embedded domain allowlist admin panel option support wildcards?

Knowledge Drop

Last tested: Mar 30, 2021
 

Short answer: Looker may allow wildcards in the embed domain list, but browsers generally do not allow wildcards in domain names for browser security contexts.

Longer answer: The Looker allowlist will allow wildcards, the browser will not. However, in the context of any given page, you just have to ensure that the parent page passes the correct of the two origins that you are using for that specific page load (via the embed_domain parameter), then Looker will use that and it should work

For Example:

In the admin UI we would put https://*.domain.com
In the embed URL we would put the actual page we are embedding on embeddedcontent.domain.com

This content is subject to limited support.                

Comments
markk1
Explorer

Note that sub-sub domains need to be added separately:

https://abc.xyz.domain.com will need to be in the allowlist as https://*.xyz.domain.com (https://*.domain.com will not cover it)

Version history
Last update:
‎05-07-2021 09:48 AM
Updated by: