Because why not? When user AA wondered why his IFRAMEd pages (inside other pages in the same domain) seemed to be ignoring RTP reactions, I resolved to get to the bottom of it.

On the technical level, as it turns out, there's no mystery: the RTP JS library disables itself when it determines it's running in an <iframe>.

On the business level, this doesn't make any sense:

(a) it assumes an adversarial relationship between the outer domain and the IFRAMEd domain, which obviously isn't the case when you operate both domains


(b) even if the inner and outer domains don't trust each other, there's tech that already exists to solve that: the outer can use the <iframe sandbox> attribute to neuter the inner, and the inner can have an optional (as opposed to mandatory) restriction on running in a frame

Luckily, you can fix it by inserting one line of JS after the last line of the RTP embed code



Read the full post on TEKNKL :: Blog →