keycombiner
keycombiner copied to clipboard
Allow to embed KeyCombiner in iframes
Requested via mail
Currently, KeyCombiner's CSRF protection prevents embedding it in iframes. Check how iframe embedding can be allowed without compromising on security.
I have played around with this a bit. Some potential issues
- The
Keyboard.getLayoutMap()
API is only available from a top-level browsing context and will not work in an iframe. Users might not be aware. - KeyCombiner can detect if the client is the official desktop app and then allow to practice browser shortcuts. This does not work with iframes embedded in other desktop software, such as Obsidian.
- Tools like Notion seem to only embed certain apps as iframes. Even if KeyCombiner would allow embedding, it would likely not work in Notion and many other apps. I did manage to get it to work for Obsidian though.
Will have to do some more research on the security implications - specifically allowing session and CSRF cookies to be sent cross-site.