amp-access-iframe-api
Advanced tools
Readme
The access iframe is an experimental implementation of access protocol. It requires "amp-access-iframe" experiment turned on in the AMP document for it to work.
The AmpAccessIframeApi is the entry point for access iframe implementation. As its main parameter it requires an instance of AccessController, which simply implements all methods of access protocol such as authorize and pingback.
The document's access configuration would use the "iframe" type. For instance:
<script id="amp-access" type="application/json">
{
"type": "iframe",
"iframeSrc": "https://example.org/access-controller-iframe",
"iframeVars": [
"READER_ID",
"CANONICAL_URL",
"AMPDOC_URL",
"SOURCE_URL",
"DOCUMENT_REFERRER"
],
"defaultResponse": {...}
}
</script>
The instrumentation would normally look like this:
/** Implements AccessController interface */
class Controller {
connect(origin, protocol, config) {
// Initialize the controller.
// Important! Ensure that the "origin" is an acceptable value.
}
authorize() {
// Return a promise that will yield the authorization response.
}
pingback() {
// Handle the "impression" event.
}
}
var iframeApi = new AmpAccessIframeApi(new Controller());
iframeApi.connect();
The connect method should perform two main tasks:
The config argument in the connect method will contain the original document config with iframeVars replace with the map of resolved AMP variables. See Access URL Variables for more details. For instance, for the example above the config value could look like this:
{
"type": "iframe",
"iframeSrc": "https://example.org/access-controller-iframe",
"iframeVars": {
"READER_ID": "1234abd456",
"CANONICAL_URL": "https://example.org/doc1",
"AMPDOC_URL": "https://example-org.cdn.ampproject.org/doc1.amp",
"SOURCE_URL": "https://example.org/doc1.amp",
"DOCUMENT_REFERRER": "https://other.com"
}
}
The authorize method checks whether the user should be able to access this document. It's expected to be an open-ended JSON structure that can be used for access expressions.
Strong timeout and one-behind semantics are observed for authorization call. If the authorize() method does not return within a 3s timeout, the previously returned authorization response is used. If no previous response is available or it's too old, the defaultResponse value from the configuration is used. However, even in case of timeout, the iframe authorization will continue until fully complete and will be made available for the next authorization attempt.
The pingback method is optional. If specified, it can implement impression event. The main purpose of this method is metering implementation.
FAQs
IFrame API for amp-access
The npm package amp-access-iframe-api receives a total of 5 weekly downloads. As such, amp-access-iframe-api popularity was classified as not popular.
We found that amp-access-iframe-api demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.