HTML Custom Widget: Disable Sandbox or Work Around

[cgorman-cu]

Hello,
I have the Azure hosted Developer portal.

Is there any way to deploy Custom HTML code in a different way than what is currently implemented?

JavaScript code in my Custom HTML code needs to access the window.parent property.

However there is no hostname for the Custom HTML, I am pretty sure that the Custom HTML code are loaded from as a widget from a local file-system with sandbox enabled, which prevents access to the parent document.

I want to refrain from disabling sandbox for security reasons; instead, I want to change how the Custom HTML is loaded.

Could I have the the Custom HTML code/widget loaded from the same server, so it has the same origin that the Developer Portal has?

That way I don't have to deal with CORS and the Custom HTML can access the properties that I need.

Or would it be easier to import a Custom TypeScript Widget and add a CORS policy that allows the domain from the server that is hosting the TypeScript Widget?

[cgorman-cu]

I just figured it out.

You can't use Custom HTML code it interact with window.parent; instead, you need to import a custom widget.

In npm for the project that you are importing, you have to use the @azure/api-management-custom-widgets-tools package to get data about the windows.parent page.