Hi, I'm setting up Retool Embed for my org and have gotten it to work properly on localhost, which seems to bypass the Host Retool on the same top-level domain as the parent application. pre-req documented here.
We also have several testing + staging environments that are hosted on URLs different from our prod environment. When testing on those live https URLs, the Retool Embed component is blocked, presumably because the domain doesn't match our retool custom domain.
Is there any way to get around this? ie. by setting an environment specific custom domain?
Otherwise we won't be able to view the Retool Embedded app within our testing + staging app.
Relatedly, we will have some URLs on prod that will not match our Retool custom domain, because we are hosting apps on behalf of our clients which can set their own custom URLs in their DNS providers to point at our app.
Is there any way to work around this domain matching restriction, or will Retool Embed not work with our use case if we have many different URLs that can request an embed link?
Unfortunately it won't work well for this use case. Chrome and other browsers have phased out features that would allow for Embed to work cross-domain, and that's why we restrict embed to same-origin.
Just wanted to double check on my first question about testing on environments with different domains (eg. example.com and example-staging.com)- is this something your team might be able to support in the future?
There'd still be challenges with browsers if we did that (though you should be able to change those settings for yourself and other developers). Our general recommendation is to use subdomains on the main domain (staging.example.com) and that should work well.
Gotcha. By adjusting my CSP frameSrc policy, I'm able to get the iframe to successfully display the Retool App UI no matter my client's URL, which is similar to how we use other platforms' embed tools.
For Retool Embed I'm still seeing "You don't have access to resource X in the production environment" when the Retool App tries to run the underlying database queries that I set up in Retool.
Is this part of what you mean is blocked internally on Retool's side, to disallow running queries based on a domain mismatch, even if the Embed app is displayed?