Custom visualization widget fails to load after integration with external analytics platform in aziotc

kimberlydev · August 22, 2025, 3:32pm

After integrating an external analytics tool, custom visualization widgets fail to load with CORS errors in the browser console. We embedded a third-party analytics dashboard using their provided iframe code, but now our Azure IoT Central dashboard shows blank spaces where the custom widgets should appear.

The embed code looks like this:

<iframe src="https://analytics.example.com/embed/dashboard"
  width="100%" height="600px" frameborder="0">
</iframe>

Browser console shows: “Blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header”. The analytics platform requires API authentication via bearer token, and we suspect widget sandboxing might be interfering. Our embed code compatibility seems fine since the same code works on a standalone HTML page. Has anyone successfully integrated external analytics with custom IoT Central visualization widgets?

samantha_pro · August 28, 2025, 5:30pm

You can’t pass bearer tokens directly through iframes for security reasons. You need to implement a proxy service that handles authentication server-side. Create an Azure Function that authenticates with the analytics platform, retrieves the data, and serves it to your widget. This way the authentication happens in the backend and your iframe just loads the proxied content without needing to handle tokens.

kimberlydev · August 22, 2025, 4:10pm

CORS errors in iframe contexts usually mean the external site hasn’t whitelisted your Azure IoT Central domain. You need to contact the analytics platform and have them add your IoT Central URL to their CORS allowed origins. This is a server-side configuration on their end, nothing you can fix from your dashboard code.

kimberlydev · August 29, 2025, 4:19pm

Have you checked the Content Security Policy headers? IoT Central enforces strict CSP that can block external iframe sources. You might need to request a CSP exception for your analytics domain. Also, some analytics platforms use postMessage for cross-origin communication - make sure your widget code includes a message handler to receive data from the embedded analytics iframe.

nicole_arch · September 1, 2025, 6:48am

Your integration is hitting multiple security boundaries in Azure IoT Central’s widget system. Here’s how to properly implement external analytics integration:

CORS Configuration: While the analytics platform whitelisted your domain, the issue is bidirectional. IoT Central’s CSP blocks the response. You need to configure both sides. Add this to your widget’s custom properties:

widgetConfig.securityPolicy = {
  allowedOrigins: ['https://analytics.example.com'],
  allowCredentials: true
};

Then request CSP exception through Azure Portal > IoT Central > Security Settings > Content Security Policy > Add Trusted Domain.

Widget Sandboxing: IoT Central’s sandbox is intentionally restrictive. Instead of direct iframe embedding, use the Widget SDK’s secure embed method:

const widget = new SecureEmbedWidget({
  source: 'https://analytics.example.com/embed/dashboard',
  sandbox: ['allow-scripts', 'allow-same-origin'],
  authProxy: '/api/analytics-proxy'
});

Embed Code Compatibility: Replace static iframe with dynamic loading through the Widget SDK. This handles sandbox permissions correctly and provides authentication bridging.

API Authentication: Implement an Azure Function proxy for authentication. Create endpoint /api/analytics-proxy that:

Receives widget requests
Adds bearer token from Azure Key Vault
Forwards to analytics platform
Returns response to widget

Proxy code structure:

const token = await keyVault.getSecret('analytics-api-token');

const response = await fetch(analyticsUrl, {

  headers: { 'Authorization': `Bearer ${token}` }

});

return response.json();

This keeps credentials server-side and avoids CORS issues. Update your embed code to use the proxy endpoint instead of direct analytics URL. Configure the proxy URL in widget settings, and IoT Central will automatically route requests through your authentication layer.

Also verify that your analytics platform supports postMessage API for cross-origin communication. If they do, implement a message listener in your widget to handle data updates without needing direct iframe access. After these changes, the widget will load properly within IoT Central’s security constraints while maintaining full analytics functionality.

gregorycoder · August 26, 2025, 11:18pm

The analytics platform confirmed our IoT Central domain is in their CORS whitelist. We tried adding sandbox attributes but IoT Central strips them out when the widget loads - seems like there’s a security policy preventing certain sandbox permissions. The API authentication is also failing because we can’t pass the bearer token through the iframe. How do others handle authenticated external embeds?

matthewguru · August 23, 2025, 9:53pm

The issue isn’t just CORS - it’s how IoT Central handles custom widget sandboxing. Custom widgets run in a restricted sandbox that blocks certain iframe attributes and cross-origin requests. Check if your widget configuration has sandbox permissions enabled. You need to add ‘allow-same-origin’ and ‘allow-scripts’ to the sandbox attribute for embedded analytics to work.

Topic		Replies	Views
Embedded analytics widget fails to load in cloud deployment - CORS Snowflake question , cloud-deploy , rest-api , embedded-analytics , javascript , web-integration , cors-error , snow-7-5 , iframe-widget	3	0	July 3, 2025
Social listening widget not loading in cloud CRM iframe integration Zoho CRM question , integration , iframe , social-listening , zoho-2021 , javascript , cloud-deploy-hosting , cors-error , widget	3	1	April 22, 2025
Knowledge base widget not loading in iframe on cloud-hosted customer portal Zoho CRM question , knowledge-base , zoho-2023 , javascript , customer-support , cloud-deploy-hosting , widget , iframe-embed , x-frame-options	6	3	March 16, 2025
Embedded analytics dashboard extension fails to load in custom portal Tableau CRM (Einstein Analytics) question , security-auth , dashboard-design , embedded-analytics , javascript , cors , customer-experience , tcrm-2023 , extension-load-error	3	0	September 15, 2025
Integration dashboard not displaying third-party data widgets after API connection Cisco IoT Cloud Connect question , integration , visualization , dashboard-permissions , third-party , api-mapping , cciot-25 , widget-manifest	6	0	November 14, 2025
Embedded analytics iframe fails with CORS policy violation when loading from external domain Qlik Sense question , cloud-deploy , qlik-2019 , embedded-analytics , embedding-api , cors-policy-violation , iframe-security , authentication-token , web-integration	3	0	September 21, 2025
Analytics dashboard widgets not loading after cloud migration in hs-2023 HubSpot question , dashboard , rest-api , analytics-reporting , cloud-migration , hs-2023 , cloud-deploy-hosting , widgets-not-loading , metrics-unavailable	3	1	August 17, 2025
Custom widgets with SDK vs native controls for viz-dashboard module in aziot-24 Microsoft Azure IoT discussion , api-development , performance , customization , javascript , viz-dashboard , aziot-24 , dashboard-sdk , ui-flexibility	5	0	February 8, 2025
Custom map widget for territory assignment not loading after UI theme update, breaking sales rep view Zendesk Sell question , territory-mgmt , zs-2022 , javascript , client-side-customization , cors-error , html , custom-widget , ui-rendering	6	0	May 24, 2025

Custom visualization widget fails to load after integration with external analytics platform in aziotc

Related topics