@casthub/embed
Advanced tools
@casthub/embed provides a single Vue 3 hook which can be used to communicate between an iFrame and its parent via postMessage IPC.
sync/async messaging/responsesThis package is available via NPM:
yarn add @casthub/embed
# or
npm install @casthub/embed
For this example, we'll assume the host is a webpage (example.com) and the client is a webpage embedded in an iFrame (frame.example.com). The only difference between a host and a client is that the host requires an iFrame ref for binding and sending the messages.
/**
* Host
*/
<template>
<iframe
src="https://frame.example.com"
ref="iframe"
sandbox="allow-scripts"
/>
</template>
<script lang="ts" setup>
import { useEmbed } from '@casthub/embed';
import { ref, onMounted } from 'vue';
const iframe = ref<InstanceType<typeof HTMLIFrame>>();
const { send, events } = useEmbed('host', {
id: 'shared-id',
iframe,
remote: 'https://frame.example.com',
});
// Listen for any synchronous events being emitted over IPC
events.on('yay', payload => {
console.log(payload);
});
onMounted(async () => {
// Send an event to the iFrame and wait for a response.
const response = await send('hello-world', {
hello: 'world',
});
});
</script>
/**
* Client
*/
<template>
<button @click.prevent="submit">Click me!</button>
</template>
<script lang="ts" setup>
import { useEmbed } from '@casthub/embed';
const { handle, post } = useEmbed('client', {
id: 'shared-id',
remote: 'https://example.com',
});
// Resolves incoming (a)synchronous operations.
handle('hello-world', async (payload) => {
if (payload.hello === 'world') {
return 'hey';
}
return 'go away';
});
const submit = () => {
// Send a synchronous event to the host
post('yay', { test: 123 });
};
</script>
This example shows:
Since communication is bi-directional, you can use any of the methods on either Host or Client. For example, asynchronous operations aren't limited to Host -> Client, the Client can also call asynchronous operations and the Host can register handlers/resolvers.
| Option | Default | Type | Description |
|---|---|---|---|
id | [Required] | string | The Host and Client that you want to talk to each other should share the _same_ ID. |
timeout | 15000 | number | Configures the global timeout for all asynchronous operations against this ID pair. |
iframe | [Required for Host] | Ref<InstanceType<typeof HTMLIFrame>> | A Vue 3 ref for a Template reference. |
remote | * | string | A remote URL to limit who can recieve/process Events over this Host/Client pair. |
debug | false | boolean | Whether to print Debug messages to the console, providing an overview of the IPC process. |
By default, if you don't supply a remote, the library will process all incoming messages and send events that any party can recieve. By setting this to a URL (See above example), you can limit this and hugely reduce the impact it has on security.
1.0.25 (2022-01-18)
FAQs
Vue 3 Utility Hook for cross-origin iFrame IPC
We found that @casthub/embed demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.