Detect Foundry domain in Workshop custom widget

We are developing a custom widget for use in Workshop. This widget uses the OSDK for API access, so it needs an authenticated session. However, this poses a problem during development, since we have two different top-level domains: one is for all of Foundry, which we use for developing data pipelines, the Workshop app, etc. The second is where we serve the Workshop application to customers, who have user accounts in a different organization.

What I would like to do is authenticate through domain one if workshop is served on the main Foundry domain, and authenticate through domain two if the app is served on the product domain. Note that this doesn’t correspond to development/production, since during Workshop development, the widget urls will still point to the production version of the code, unless someone is developing the widget itself.

Things I’ve tried:

  • Use the referrer: Foundry sets the Referrer-Policy header to strict-origin-when-cross-origin, which means we can’t use document.referrer to access the iframe’s parent.
  • Use ancestorOrigins: doesn’t support Firefox.
  • Pass as a parameter from Workshop to the widget: I haven’t found a way to get the domain in the workshop app: typescript functions don’t have access to the browser context.

Does anyone have any ideas how to achieve this?