windows.postMessage from embedded iframe to parent page

Context: we are handling the communication from embedded framework to our web page using contentWindow.postMessage() according to https://developer.mypurecloud.com/forum/t/embeddable-framework-accessing-parent-page/3099/2

Found example in https://github.com/MyPureCloud/embedded-crm-pef-example/blob/master/public/framework.js

In framework.js

crmDomain = new URLSearchParams(window.location.search).get('crm_domain');

< **iframe allow="camera *; microphone ; autoplay " src="https://apps.mypurecloud.com/crm/embeddableFramework.html?enableFrameworkClientId=true&crm_domain= https://localhost ” width="100%" height="100%" ></ iframe >

We use the domain specified in the iframe url. I am wondering if there is an alternative way for doing that for security concerns. thanks

You can hard code it in the framework.js file.

you can also follow this flow:

1. parent app does a windows.postmessage to the iframe with the parent domain as the payload and that postmessage can be scoped to "apps.mypurecloud.com"
2. the framework is listening for that message before defining the window.framework domian in the framework file
3. use the payload that contains the parent domain to for all postmessages in the framework.js file

Thank you. I think the second option works better

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.