iFrame activity detection capability
🧭 Activity Detection – postMessage
Integration
postMessage
Integration🔄 Purpose
To help the host application detect user activity within an embedded Worklio iFrame and manage session timeouts accordingly.
📡 Behavior
The embedded Worklio iFrame sends an activity signal to the parent window using:
window.parent.postMessage("activity", "*");
- ✅ Triggered on: mouse movement or keyboard input inside the iFrame.
- ⏱️ Rate-limited: emitted no more than once per minute, even during continuous interaction.
🛠️ Host App Integration
To capture and validate activity messages securely:
// Replace with the actual URL of the embedded iFrame
var url = "https://api.worklio.com/DispatcherICU?...";
var origin = new URL(url).origin;
window.addEventListener("message", function (e) {
if (e.origin !== origin) return;
if (e.data === "activity") {
// Reset host timeout or mark session as active
console.log("User is active in iFrame");
}
});
✅ Why Origin Check Is Important
Using window.parent.postMessage("activity", "*")
allows cross-origin messages.
To prevent spoofed messages from other sources, always validate the origin
before processing the message.
📝 Notes
- You can store the iFrame
url
dynamically if the session link is generated at runtime. - Adjust session timeout or activity tracking logic based on your app’s UX and security needs.
Updated about 10 hours ago