Nerd-puzzle: how might I allow sibling same-origin iframes to communicate, given…
- parent is cross-origin
- can’t execute JS on parent
- no sessionStorage, localStorage, cookies, or IDB access
- with enough security to share auth tokens?
I guess there's also the "redesign not to have iframes" hot take, which you may have discarded at first, but maybe there's a way, if contrived, to make it work that is more robust longer term
Right. This is for Orbit, obviously. I can make it work better if the publisher’s willing to let me execute JS, but that’s often not possible: I’d like Orbit to be embeddable in Medium, Notion, WordPress, Confluence, etc, and that means sandboxed iframes.
What about an SDK they control, and you expose an API on your end?
That SDK exists, and it’s called Embed.ly! :) To get a special deal giving me what I need is definitely out of scope until world domination plans are further along…
But make an Orbit-React one, put it in github, all the cool kidz will love it :p
I already have, minus the Github part! :) If you’re self-hosting or whatever, then yeah, we can collaborate with the first party to create a better experience.
Hey Andy! What is orbit? And what are you using embedly for in this context?
Simple way to describe is: a service for embedding SRS prompts into any web page. More: patreon.com/posts/bringing
I must support Embed.ly’s constraints to make these prompts embeddable in walled gardens like Medium, Notion, Confluence, etc.


