Embedding Notebooks
A notebook can be embedded using a standard iframe element. In order for the iframe to load, the user must be logged into Sourcegraph. The notebook embedding URL is an authenticated endpoint.
Domain considerations
Certain browsers (i.e. Safari and Firefox) block cross-domain cookies from being sent in iframe requests. This will prevent an embedded notebook from being displayed, even when a user is logged into Sourcegraph from the same browser. To ensure that notebook embedding requests will be permitted to load for all of your logged-in Sourcegraph users, the Sourcegraph instance must be hosted on the same domain as the page that loads the iframe element. For Cloud customers, see Custom Domains.
How to embed
To create the embedding URL, copy the notebook URL (e.g. https://your-sourcegraph-instance.com/notebooks/notebook-id
), and add the /embed
prefix directly before the /notebooks
segment:
https://{your-sourcegraph-instance.com}/embed/notebooks/{notebook-id}
Once you have the embedding URL, create an iframe element and use the embedding URL as the src
attribute value. See example iframe below:
<iframe src="https://your-sourcegraph-instance.com/embed/notebooks/notebook-id" frameborder="0" sandbox="allow-scripts allow-same-origin allow-popups" ></iframe>
Security
We recommend using the sandbox
attribute to apply extra security restrictions to the iframe. Notebooks require three exceptions: allow-scripts
allows executing Javascript scripts, allow-same-origin
allows access to local storage and cookies, and allow-popups
allows opening links in a separate tab.
Enable embedding notebooks on private instances
Embedding is disabled by default on private instances. A site-admin can enable embedding by running the following GraphQL mutation in the API console, located at https://{your-sourcegraph-instance.com}/api/console
:
mutation { createFeatureFlag(name: "enable-embed-route", value: true) { ... on FeatureFlagBoolean { name value } } }