iFrame activity detection capability
π§ Activity Detection β postMessage Integration
postMessage Integrationπ Purpose
To help the host application detect user activity within an embedded Worklio iFrame and manage session timeouts accordingly.
π‘ Behavior
The embedded Worklio iFrame sends an activity signal to the parent window using:
window.parent.postMessage("activity", "*");- β Triggered on: mouse movement or keyboard input inside the iFrame.
- β±οΈ Rate-limited: emitted no more than once per minute, even during continuous interaction.
π οΈ Host App Integration
To capture and validate activity messages securely:
// Replace with the actual URL of the embedded iFrame
var url = "https://api.worklio.com/DispatcherICU?...";
var origin = new URL(url).origin;
window.addEventListener("message", function (e) {
if (e.origin !== origin) return;
if (e.data === "activity") {
// Reset host timeout or mark session as active
console.log("User is active in iFrame");
}
});β
Why Origin Check Is Important
Using window.parent.postMessage("activity", "*") allows cross-origin messages.
To prevent spoofed messages from other sources, always validate theorigin before processing the message.
π Notes
- You can store the iFrame
urldynamically if the session link is generated at runtime. - Adjust session timeout or activity tracking logic based on your appβs UX and security needs.
Updated 14 days ago