Eugene Sapozhnikov created ZEPPELIN-320:
-------------------------------------------

             Summary: Export paragraph as iframe with static content for the open web
                 Key: ZEPPELIN-320
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-320
             Project: Zeppelin
          Issue Type: Improvement
          Components: GUI
            Reporter: Eugene Sapozhnikov


"Link to this paragraph" is a very powerful feature; it may allow embedding 
analytics graphs in other pages, for example dashboards.

I secured Zeppelin with basic auth by putting Zeppelin behind an nginx proxy. Now 
I want to have iframes publicly accessible, and here is why I can't have it.

The problem is that the iframe is designed in a way that prevents security.

1. It shares the URL of the Zeppelin web home (root /), so URL-based security is 
not possible
2. Even worse, it uses web socket transport to get data for the paragraph. This 
means whenever you have access to one iframe you can control the whole Zeppelin 
instance.


What I propose in this feature is to have:

1. a separate endpoint for the iframe HTML page, for example /paragraph-export/UUID
2. a separate HTTP endpoint for getting the data results for a paragraph, for example 
/paragraph-export/UUID/data.json

// Step #2 may be embedded in #1 so that the iframe HTML already contains the data for 
the exported paragraph.

So basically, when you click "export this paragraph as Iframe" you have a piece 
of HTML that can be embedded in any public website without a security hole 
present.

It also allows saving the page locally, caching it, and putting it on a CDN (so Zeppelin 
is not overloaded).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
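
The nginx setup described in the issue, with the URL-based split that a separate export path would make possible, as an added example that is not part of the original message or of Zeppelin's own configuration. Assumptions: /paragraph-export/ is only the endpoint proposed above and does not exist in Zeppelin; the host name, upstream address, /ws websocket path and file paths are placeholders.

```nginx
# Goes inside the http {} context.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name zeppelin.example.org;                # placeholder
    ssl_certificate     /etc/nginx/tls/zeppelin.crt; # placeholder path
    ssl_certificate_key /etc/nginx/tls/zeppelin.key; # placeholder path

    # Default for every location: basic auth, as in the reporter's setup.
    auth_basic           "Zeppelin";
    auth_basic_user_file /etc/nginx/zeppelin.htpasswd; # placeholder path

    # Notebook UI. Today's paragraph iframe is served from here too, so it
    # cannot be made public without making the whole UI public.
    location / {
        proxy_pass http://127.0.0.1:8080;            # assumed Zeppelin address
    }

    # Websocket transport (path assumed). It carries full notebook control,
    # so it stays behind auth.
    location /ws {
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

    # Proposed static export (hypothetical endpoint from this issue):
    # public, read-only, matched by UUID only.
    location ~ "^/paragraph-export/[0-9a-fA-F-]{36}(/data\.json)?$" {
        auth_basic off;

        # Allow GET (and HEAD); reject every other method.
        limit_except GET { deny all; }

        # No Upgrade/Connection headers are set here. nginx does not forward
        # the hop-by-hop Upgrade header by default, so a websocket handshake
        # cannot pass through this location.
        proxy_pass http://127.0.0.1:8080;

        # Static content can be cached by browsers or a CDN in front.
        add_header Cache-Control "public, max-age=300";
    }
}
```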
