post-robot
Advanced tools
Cross domain post-messaging on the client side, using a simple listener/client pattern.
Send a message to another window, and:
postRobot.on('getUser', function(event) {
return {
id: event.data.id,
name: 'Zippy the Pinhead'
};
});
postRobot.send(someWindow, 'getUser', { id: 1337 }).then(function(event) {
console.log(event.source, event.origin, 'Got user:', event.data.name);
}).catch(function(err) {
console.error(err);
});
postRobot.on('getUser', function(event) {
return getUser(event.data.id).then(function(user) {
return {
name: user.name
};
});
});
postRobot.on('getUser', { id: 1337 }, function(event, callback) {
setTimeout(function() {
callback(null, {
id: event.data.id,
name: 'Captain Pugwash'
});
}, 500);
});
postRobot.once('init', function(event) {
return {
name: 'Noggin the Nog'
};
});
postRobot.on('init', { window: window.parent }, function(event) {
return {
name: 'Guybrush Threepwood'
};
});
postRobot.on('init', { domain: 'http://zombo.com' }, function(event) {
return {
name: 'Manny Calavera'
};
});
postRobot.send(someWindow, 'getUser', { id: 1337 }, { timeout: 5000 }).then(function(event) {
console.log(event.source, event.origin, 'Got user:', event.data.name);
}).catch(function(err) {
console.error(err);
});
postRobot.send(someWindow, 'getUser', { id: 1337 }, { domain: 'http://zombo.com' }).then(function(event) {
console.log(event.source, event.origin, 'Got user:', event.data.name);
});
postRobot.sendToParent('getUser').then(function(event) {
console.log(event.data);
});
postRobot.on('getUser', async ({ source, origin, data }) => {
let user = await getUser(data.id);
return {
id: data.id,
name: user.name
};
});
try {
let { source, origin, data } = await postRobot.send(someWindow, `getUser`, { id: 1337 });
console.log(source, origin, 'Got user:', data.name);
} catch (err) {
console.error(err);
}
For security reasons, it is recommended that you always explicitly specify the window and domain you want to listen to and send messages to. This creates a secure message channel that only works between two windows on the specified domain:
postRobot.on('getUser', { window: childWindow, domain: 'http://zombo.com' }, function(event) {
return {
id: event.data.id,
name: 'Frodo'
};
});
postRobot.send(someWindow, 'getUser', { id: 1337 }, { domain: 'http://zombo.com' }).then(function(event) {
console.log(event.source, event.origin, 'Got user:', event.data.name);
}).catch(function(err) {
console.error(err);
});
Post robot lets you send across functions in your data payload, fairly seamlessly.
For example:
postRobot.on('getUser', function(event) {
return {
id: event.data.id,
name: 'Nogbad the Bad',
logout: function() {
currentUser.logout();
}
};
});
postRobot.send(myWindow, { id: 1337 }, 'getUser').then(function(event) {
var user = event.data;
user.logout().then(function() {
console.log('User was logged out');
});
});
The function user.logout() will be called on the original window. Post Robot transparently messages back to the
original window, calls the function that was passed, then messages back with the result of the function.
Because this uses post-messaging behind the scenes and is therefore always async, user.logout() will always return a promise, and must be .then'd or awaited.
Unfortunately, IE blocks direct post messaging between a parent window and a popup, on different domains.
In order to use post-robot in IE9+ with popup windows, you will need to set up an invisible 'bridge' iframe on your parent page:
[ Parent page ]
+---------------------+ [ Popup ]
| xx.com |
| | +--------------+
| +---------------+ | | yy.com |
| | [iframe] | | | |
| | | | | |
| | yy.com/bridge | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | +--------------+
| +---------------+ |
| |
+---------------------+
a. Create a bridge path on the domain of your popup, for example http://yy.com/bridge.html, and include post-robot:
<!-- http://yy.com/bridge.html -->
<script src="http://yy.com/js/post-robot.js"></script>
b. In the parent page, xx.com, which opens the popup, include the following javascript:
<!-- http://xx.com -->
<script>
postRobot.openBridge('http://yy.com/bridge.html');
</script>
c. Now xx.com and yy.com can communicate freely using post-robot, in IE.
FAQs
Simple postMessage based server.
The npm package post-robot receives a total of 49,701 weekly downloads. As such, post-robot popularity was classified as popular.
We found that post-robot demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncovered a malicious PyPI package exploiting Deezer’s API to enable coordinated music piracy through API abuse and C2 server control.
Research
The Socket Research Team discovered a malicious npm package, '@ton-wallet/create', stealing cryptocurrency wallet keys from developers and users in the TON ecosystem.
Security News
Newly introduced telemetry in devenv 1.4 sparked a backlash over privacy concerns, leading to the removal of its AI-powered feature after strong community pushback.