Embedded iframe

WorkBright can be embedded via an iframe using the following code snippet and attributes:

< iframe class="embedded-iframe" 
	width="100%" 
	height="1200" 
	frameBorder="0" 
	allow="geolocation *; camera *"  
  :src="placeholder" 
	title="embedded-demo" 
	sandbox="allow-scripts allow-same-origin allow-popups allow-forms allow-storage-access-by-user-activation"
        
></iframe>

Attributes

AttributePurpose
classCSS/JS selector hook.
widthSets the width of the element.
heightFixed height in pixels.
frameBorderRemoves the default border.
allowPermissions Policy granting the framed content access to the geolocation and camera from any origin (*). Without this, they are blocked inside the frame.
:srcVue shorthand for v-bind:src. Binds src to the value set within. The value will be the base URL of the WorkBright app being embedded along with the sign in path. See Signing In with a One-Time Access Token for more information.
titleAn accessibility attribute (required by WCAG) that gives screen readers a human-readable name for the iframe's content.
sandboxApplies a security sandbox that restricts everything by default, then re-enables specific capabilities via tokens.

Sandbox tokens

The sandbox attribute starts fully locked down and only re-enables what's listed:

TokenEffect
allow-scriptsLets the embedded content run JavaScript.
allow-same-originAllows the iframe to be treated as same-origin, which is necessary for sessionStorage access and cookie-based session auth.
allow-popupsAllows the embedded app to open new windows/tabs (e.g., for document downloads or external links)
allow-formsAllows form submission.
allow-storage-access-by-user-activationNeeded in browsers (Safari, Firefox) that partition third-party cookies, so the embedded session cookie can be accessed.

Camera or geolocation not working?

If you are having issue with iframe blocking camera or geolocation, ensure that the following attribute is included:

	allow="geolocation *; camera *" 

The following are useful to include as well to minimize blockages:


sandbox="allow-scripts allow-same-origin allow-popups allow-forms allow-storage-access-by-user-activation"

Additionally, if Document Verification is being used, ensure that the iOS webview is configured with allowsInlineMediaPlayback set to true. This prevents iOS from automatically launching the native full-screen video recorder and allows the recording experience to remain inline within the webview.