Guys, good afternoon!
In a dashboard / question that has been embedded, your link usually placed in an iframe has a structure similar to this code snippet:
If you can view the source code (decripting the same) of the frame, can you be able to access the Metabase server? The idea is that this server can not be accessed from embedded dashboards, this would be a security flaw.
I did two tests:
Metabase [without] Authentication mode Configured: From a built-in dashboard (Not public link), I took the link and shared it with a user. The dashboard has been accessed normally.
Metabase [with] configured LDAP authentication mode: The built-in dashboard (Not public link) was also accessed normally without requesting authentication.
Question: How to make Metabase request authentication when the dashboard was embedded?