Iframe reloading infinitely

My metabase EE instance is deployed on an AWS EC2 and I’ve embedded metabase app on my web app.
But when I run the metabase.jar file locally it works fine but the one on EC2 instance shows unauthenticated and reloads the iframe continuously. Just to add my EC2 link is http (non-secure)
And my webapp is running on localhost:3000

When I copy the signed token from the network tab of google chrome it opens my app perfectly.
And user last login status is updated but user is shown as unauthenticated.

Why is this happening?

@pdagar29 - I’ve run into this issue as well… while trying to embed locally in a SPA, while using a “remote” Metabase. Metabase will continuously loop trying to get /user/current after successful “sign-in”.

The solve for me, is to deploy my web app to the same TLD (top level domain) - everything then begins to work.

A couple of things to validate: Make sure you’ve got SSO setup correctly so that sign-on in your web app, creates a session in your IdP that Metabase can use, which regardless of embedding, will allow you to “switch” between both applications with only having to log into one (or the other).

Next, I found the only way for this to work is if Metabase and my custom SPA app were on the same domain. For example Metabase can be reached at: https://analytics.mydomain.com - and if I hosted my SPA on https://myapp.mydomain.com - the embed worked perfectly (so long as SSO was working).

I’m hoping a potential solve could be that they build in some sort of “whitelabel” for localhost remote address requests which would allow this type of “development” to happen. That is to say, allow embedding of a remote Metabase instance into a locally running app for development and testing purposes.

I first recorded this issue here: Enterprise Embed - Endless 401 Loop after initial load

@flamber @camsaul