I am trying to open a notebook from another page wirth a window.open(url_nb) so that I can postMessage() from the parent page to the notebook.
The idea is to pass to frequently updated secrets to the notebook, which it can use to say retrieve data.
But unfortunately the messages do not go through. This is no obvious mistake as it works with a simple local page. I suspect this is because the notebook code is encapsulated in an iframe, and it appears the messages are not passed on. Is this diagnostic correct ? How to to that ? If not possible in the current state, would it be possible to pass down such messages ? Would there be security issues ? Is it even a good idea to try and pass secrets this way ? UrlParams work well for static params, but what if they change every few minutues ?
Alternatively, you can use downloading and embedding to host a copy of the notebook yourself. Then the code can run at the top-level window, and you’ll be able to post messages to it, too.
Ok ! Elegant !!
Having the notebook open the new window (authentication page) and posting messages (access tokens) back is even better !
This is giving me ideas about how to use observablehq as a flexible frontend to request protected (corp) APIs.
