I’m considering licensing other websites to embed one of my Anvil apps and, toward that end, have been trying to learn how to identify the hostname of the website in which my app has been embedded (so that the form can throw up a notice if the site isn’t un-authorized to do so.)
Unfortunately, I’m getting the following error when the embedded app tries to access the information I want:
SecurityError: Failed to read a named property ‘window’ from ‘Location’: Blocked a frame with origin “[embeddable app URL appeared here]” from accessing a cross-origin frame.
I enabled Embedding before publishing the first app, and created (and used in the iframe construction in the host form) a route with both enable_cors
and cross_site_session
set to True
. In the Form code, I’ve tried to access both top and parent, and used both notations (["host"]
and .host
], and the same for hostname
and href
. I’m out of ideas.
Am I missing something, or is this just not possible within an Anvil app, or…?