Browser security and CORS, also forum search

Submitted by rodneyt on Thu, 11/26/2020 - 00:16
Forums: 
Developers

Hi everyone,

Does search h5p.org search the forum - is there a specific forum search feature (if so I haven't discovered it...)

This year there have been a number of security updates to browser (especially Chrome).  In the situation where a developer is loading H5P content within an iFrame in their web application, it would be handy to have a standard javascript mechanism to be able to share data between host page and the child frame (h5p).  Does such a mechanism exist at the moment?  CORS issues will otherwise prevent sharing.  For example, something as simple as being able to retrieve results data out of an H5P object to save/restore state, or pass in a parameter needed for metadata (such as the long URL of the parent page) that might not be accessible to the iframe.  If these issues have been discussed before can someone point me to the relevant discussion or API documentation - that would be much appreciated.

Kind Regards,

Rodney Tamblyn

Co-founder | www.ob3.io

otacke's picture

otacke

Thu, 11/26/2020 - 07:14

Hi Rodney!

In JavaScript you can setup your custom communication system using Window.postMessage. For instance, H5P's iframe resizer uses that mechanism. Please don't forget about authentication, encryption etc. if you implement something like this for sensitive data such as user results.

Best,

Oliver