Unverified Commit 292e6ecc authored by Natalie, committed by GitHub

docs - update full-app embedding (#30085)

parent 5ec5ff4e
......@@ -84,17 +84,27 @@ You must URL encode (or double encode, depending on your web setup) all of the p
https://metabase.example.com/auth/sso?jwt=<token>&redirect=%2Fdashboard%2F1%3Ffilter1%3Dvalue%26filter2%3Dvalue
```
## Cross-browser compatibility
To make sure that your embedded Metabase works in all browsers, put Metabase and the embedding app in the same top-level domain (TLD). The TLD is indicated by the last part of a web address, like `.com` or `.org`.
Note that your full-app embed must be compatible with Safari to run on _any_ browser in iOS (such as Chrome on iOS).
## Embedding Metabase in a different domain
If you want to embed Metabase in another domain (say, if Metabase is hosted at `metabase.yourcompany.com`, but you want to embed Metabase at `yourcompany.github.io`), set the following [environment variable](../configuring-metabase/environment-variables.md):
> Skip this section if your Metabase and embedding app are already in the same top-level domain (TLD).
If you want to embed Metabase in another domain (say, if Metabase is hosted at `metabase.yourcompany.com`, but you want to embed Metabase at `yourcompany.github.io`), you can set the following [environment variable](../configuring-metabase/environment-variables.md):
`MB_SESSION_COOKIE_SAMESITE=None`
If you set this environment variable to "None", you must use HTTPS in Metabase to prevent browsers from rejecting the request. For more information, see MDN's documentation on [SameSite cookies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite).
If you set this environment variable to "None", you must use HTTPS in Metabase to prevent browsers from rejecting the request. For more information, see MDN's documentation on [SameSite cookies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite).
Note that `SameSite=None` is incompatible with most Safari and iOS browser versions (including any browser that runs on iOS, such as Chrome on iOS).
## Securing full-app embeds
Metabase uses HTTP cookies to authenticate people and keep them signed into your embedded Metabase, even when someone closes their browser session.
Metabase uses HTTP cookies to authenticate people and keep them signed into your embedded Metabase, even when someone closes their browser session. If you enjoy diagrammed auth flows, check out [Full-app embedding with SSO](https://www.metabase.com/learn/customer-facing-analytics/securing-embeds#full-app-embedding-with-sso).
To limit the amount of time that a person stays logged in, set [`MAX_SESSION_AGE`](../configuring-metabase/environment-variables.md#max_session_age) to a number in minutes. The default value is 20,160 (two weeks).
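Review bot: The "same top-level domain (TLD)" wording in the new "Cross-browser compatibility" section, repeated in the "Skip this section" note, describes the wrong boundary. Browsers decide whether a cookie is same-site by comparing the registrable domain (the public suffix plus one label), so two hosts that merely share `.com` are still cross-site, and the sentence "The TLD is indicated by the last part of a web address, like `.com` or `.org`" invites exactly that misreading. Suggest rewording to something like "put Metabase and the embedding app under the same registrable domain, for example `metabase.yourcompany.com` and `app.yourcompany.com`", which also matches the cross-domain example already given (`metabase.yourcompany.com` versus `yourcompany.github.io`). In the `MB_SESSION_COOKIE_SAMESITE=None` paragraph it would also help to state that this setting makes the browser send the session cookie on cross-site requests, so the HTTPS requirement is presented alongside that trade-off rather than only as a way to keep browsers from rejecting the request.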