Embedded iframe
WorkBright can be embedded via an iframe using the following code snippet and attributes:
< iframe class="embedded-iframe"
width="100%"
height="1200"
frameBorder="0"
allow="geolocation *; camera *"
:src="placeholder"
title="embedded-demo"
sandbox="allow-scripts allow-same-origin allow-popups allow-forms allow-storage-access-by-user-activation"
></iframe>Attributes
| Attribute | Purpose |
|---|---|
class | CSS/JS selector hook. |
width | Sets the width of the element. |
height | Fixed height in pixels. |
frameBorder | Removes the default border. |
allow | Permissions Policy granting the framed content access to the geolocation and camera from any origin (*). Without this, they are blocked inside the frame. |
:src | Vue shorthand for v-bind:src. Binds src to the value set within. The value will be the base URL of the WorkBright app being embedded along with the sign in path. See Signing In with a One-Time Access Token for more information. |
title | An accessibility attribute (required by WCAG) that gives screen readers a human-readable name for the iframe's content. |
sandbox | Applies a security sandbox that restricts everything by default, then re-enables specific capabilities via tokens. |
Sandbox tokens
The sandbox attribute starts fully locked down and only re-enables what's listed:
| Token | Effect |
|---|---|
allow-scripts | Lets the embedded content run JavaScript. |
allow-same-origin | Allows the iframe to be treated as same-origin, which is necessary for sessionStorage access and cookie-based session auth. |
allow-popups | Allows the embedded app to open new windows/tabs (e.g., for document downloads or external links) |
allow-forms | Allows form submission. |
allow-storage-access-by-user-activation | Needed in browsers (Safari, Firefox) that partition third-party cookies, so the embedded session cookie can be accessed. |
Camera or geolocation not working?
If you are having issue with iframe blocking camera or geolocation, ensure that the following attribute is included:
allow="geolocation *; camera *" The following are useful to include as well to minimize blockages:
sandbox="allow-scripts allow-same-origin allow-popups allow-forms allow-storage-access-by-user-activation"Additionally, if Document Verification is being used, ensure that the iOS webview is configured with allowsInlineMediaPlayback set to true. This prevents iOS from automatically launching the native full-screen video recorder and allows the recording experience to remain inline within the webview.
