Nerd-puzzle: how might I allow sibling same-origin iframes to communicate, given…
- parent is cross-origin
- can’t execute JS on parent
- no sessionStorage, localStorage, cookies, or IDB access
- with enough security to share auth tokens?
Conversation
I guess there's also the "redesign not to have iframes" hot take, which you may have discarded at first, but maybe there's a way, if contrived, to make it work that is more robust longer term
1
Right. This is for Orbit, obviously. I can make it work better if the publisher’s willing to let me execute JS, but that’s often not possible: I’d like Orbit to be embeddable in Medium, Notion, WordPress, Confluence, etc, and that means sandboxed iframes.
2
1
3
What about an SDK they control, and you expose an API on your end?
1
That SDK exists, and it’s called Embed.ly! :) To get a special deal giving me what I need is definitely out of scope until world domination plans are further along…
2
Hey Andy! What is orbit? And what are you using embedly for in this context?
1
Replying to
Simple way to describe is: a service for embedding SRS prompts into any web page. More: patreon.com/posts/bringing
I must support Embed.ly’s constraints to make these prompts embeddable in walled gardens like Medium, Notion, Confluence, etc.
