iFrame activity detection capability

🧭 Activity Detection – postMessage Integration

πŸ”„ Purpose

To help the host application detect user activity within an embedded Worklio iFrame and manage session timeouts accordingly.


πŸ“‘ Behavior

The embedded Worklio iFrame sends an activity signal to the parent window using:

window.parent.postMessage("activity", "*");
  • βœ… Triggered on: mouse movement or keyboard input inside the iFrame.
  • ⏱️ Rate-limited: emitted no more than once per minute, even during continuous interaction.

πŸ› οΈ Host App Integration

To capture and validate activity messages securely:

// Replace with the actual URL of the embedded iFrame
var url = "https://api.worklio.com/DispatcherICU?...";
var origin = new URL(url).origin;

window.addEventListener("message", function (e) {
    if (e.origin !== origin) return;

    if (e.data === "activity") {
        // Reset host timeout or mark session as active
        console.log("User is active in iFrame");
    }
});

βœ… Why Origin Check Is Important

Using window.parent.postMessage("activity", "*") allows cross-origin messages.
To prevent spoofed messages from other sources, always validate theorigin before processing the message.


πŸ“ Notes

  • You can store the iFrame url dynamically if the session link is generated at runtime.
  • Adjust session timeout or activity tracking logic based on your app’s UX and security needs.