feat(embedded): enforce allow domains

[lilykuang]

SUMMARY

• enforce allow domains list for embedded

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

• Has associated issue:
• Required feature flags:
• Changes UI
• Includes DB Migration (follow approval process in SIP-59)
  • Migration is atomic, supports rollback & is backwards-compatible
  • Confirm DB migration upgrade and downgrade tested
  • Runtime estimates and downtime expectations provided
• Introduces new feature or API
• Removes existing feature or API

[codecov]

Codecov Report

Merging #20251 (c507336) into master (d1c24f8) will decrease coverage by 0.16%.
The diff coverage is 0.00%.

❗ Current head c507336 differs from pull request most recent head d0d0010. Consider uploading reports for the commit d0d0010 to get more accurate results

@@            Coverage Diff             @@
##           master   #20251      +/-   ##
==========================================
- Coverage   66.65%   66.49%   -0.17%     
==========================================
  Files        1729     1726       -3     
  Lines       64906    64799     -107     
  Branches     6842     6831      -11     
==========================================
- Hits        43266    43090     -176     
- Misses      19891    19977      +86     
+ Partials     1749     1732      -17     

Flag	Coverage Δ
javascript	51.32% <0.00%> (-0.26%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
superset-frontend/src/embedded/index.tsx	0.00% <0.00%> (ø)
superset-frontend/src/types/bootstrapTypes.ts	100.00% <ø> (ø)
...nd/plugins/plugin-chart-table/src/controlPanel.tsx	16.66% <0.00%> (-34.08%)	⬇️
superset-frontend/src/explore/store.js	58.33% <0.00%> (-33.34%)	⬇️
superset/db_engine_specs/trino.py	71.42% <0.00%> (-20.51%)	⬇️
...et-ui-chart-controls/src/shared-controls/index.tsx	37.03% <0.00%> (-17.60%)	⬇️
...tend/plugins/plugin-chart-echarts/src/controls.tsx	56.66% <0.00%> (-6.67%)	⬇️
...et-frontend/src/explore/reducers/exploreReducer.js	28.75% <0.00%> (-6.04%)	⬇️
...ontend/src/explore/controlUtils/getControlState.ts	85.18% <0.00%> (-5.56%)	⬇️
...-frontend/src/components/CopyToClipboard/index.jsx	96.00% <0.00%> (-4.00%)	⬇️
... and 75 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d1c24f8...d0d0010. Read the comment docs.

[suddjian]

Let's make this check in the backend, on the /embedded/:uuid view. If the domain is not in the list, we can return an error message instead of rendering the embedded page at all.