Skip to content

Enable iframe sandbox relaxation (allow-downloads) for Fabric data apps #46

Description

@barischn

Problem statement

Summary

File downloads are impossible from a Rayfin app running inside the Fabric Portal, because the Fabric data app workload renders the app in a sandboxed iframe without the allow-downloads attribute. It would be great if Rayfin enabled Fabric's sandbox relaxation mechanism for data apps, so that apps generating files (documents, exports, reports) can offer downloads directly.

Current behavior

  • The app is deployed with rayfin up and runs inside the Fabric Portal in an iframe sandboxed with allow-same-origin allow-scripts only.
  • Any download attempt from inside the iframe — <a download>, file-saver's saveAs(), window.open() with a blob URL — is silently blocked by the browser. This is intended browser behavior for sandboxed iframes without allow-downloads (see Chrome Platform Status and the WHATWG discussion), so there is no client-side workaround.
  • As a workaround, we currently show a notice asking the user to copy the app URL and reopen it in a regular browser tab, where downloads work. This is a poor experience for an app whose core output is a downloadable file.

Expected behavior

Downloads initiated by user action inside the app should work while the app is embedded in the Fabric Portal.

Environment

  • Rayfin guide/docs version: 1.33.2
  • Deployment target: Fabric data app (managed workload, rayfin up)
  • Browsers tested: Chromium-based (behavior is per HTML spec, so all modern browsers are affected)

Use case

Our app converts user-uploaded .docx files and produces new documents. The download of the generated file is the app's primary output, so the current limitation forces every user through the "copy link → open in a new tab" detour on every use.

Proposed solution

Proposed solution

Fabric already has an official mechanism for this: workloads built with the Extensibility Toolkit can set <EnableSandboxRelaxation>true</EnableSandboxRelaxation> in the workload manifest. After an additional user consent, the iframe is granted allow-downloads, allow-forms, and allow-popups — see How-To: Relax the iFrame.

Since the Fabric data app workload manifest is managed by Rayfin, app developers cannot opt into this themselves. Could Rayfin:

  1. Enable sandbox relaxation on the Fabric data app workload (with the standard consent flow), or
  2. Expose it as an opt-in setting (e.g., in rayfin.yml) for apps that need downloads?

Alternatives considered

No response

Additional context

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions