deployment.Rmd
So far, we’ve been running our shinytableau extensions locally from within RStudio. Needless to say, this isn’t a suitable deployment strategy for putting extensions into production—you don’t want Tableau dashboards to stop working just because you closed your laptop and went home!
Deploying shinytableau extensions is mostly no different than deploying any other kind of Shiny app. The three main options offered by RStudio are:
ShinyApps.io for cloud hosting of Shiny apps. This is definitely the easiest to get started, as there’s no software to install and configure, and you deploy your app by clicking a button in the RStudio IDE. Free and paid plans are available.
Shiny Server is our open-source solution for on-premises deployment. A Linux server is required, and you’ll need to install R and any R packages used by your Shiny apps. Deployment of apps is performed by copying files to the server and editing config files (similar to Nginx or Apache).
RStudio Connect is our flagship publishing platform. With RStudio Connect, you can share Shiny applications, R Markdown reports, Plumber APIs, dashboards, Jupyter Notebooks, interactive Python content, and more in one convenient place. Like ShinyApps.io, Shiny apps are deployed with push-button publishing from the RStudio IDE.
Authentication for shinytableau extensions is a bit more complicated than that of regular Shiny apps, and several different factors must be considered to balance your security needs with a smooth end-user experience. (Note that ShinyApps.io and RStudio Connect offer built-in support for authentication, but Shiny Server Open Source does not.)
The first question to consider is whether your shinytableau extension needs authentication at all. We anticipate that many or most shinytableau extensions will not have direct access to their own data, but instead read the data from the Tableau dashboard’s worksheets. If that is the case, and there’s no danger in having an unauthorized or even malicious user embedding the shinytableau extension in their own Tableau dashboard, then consider allowing anonymous access to your deployed extension. This will sidestep most of the issues in this section.
Second, it’s important to note that Safari 13.1 and newer prevent shinytableau authentication from working (this only affects Tableau Server and Tableau Online, not Tableau Desktop). This is because shinytableau extensions run within an <iframe>
, and will generally run on a different domain than the enclosing page (the Tableau dashboard); this configuration results in our authentication cookies being considered third-party cookies, which Safari 13.1 aggressively blocks. At the time of this writing, we do not have a solution for this problem, other than to ask users to turn off Safari 13.1’s third-party cookie blocking by going into Preferences > Privacy and unchecking the global Prevent cross-site tracking setting.
Third, if you still want to use authentication after the above caveats, note that logging into an app that is hosted in an iframe is not a good idea1 from a security perspective. RStudio Connect 1.8.6 has a special iframe authentication code path that launches a new browser window/tab to authenticate, which completely solves this problem, so we highly recommend going that route if you can. You can use ShinyApps.io and Shiny Server Pro for authenticated shinytableau extensions, but the user experience will be worse for users that have credentials for ShinyApps.io/Shiny Server Pro but are not logged in at the time that they visit the Tableau dashboard.
Most well-designed login forms will not allow themselves to be presented when hosted in an iframe, as a preventative measure against clickjacking and phishing attacks.↩︎