{"id":22489023,"url":"https://github.com/adobe/coriolis","last_synced_at":"2025-08-02T21:32:04.464Z","repository":{"id":37077044,"uuid":"406556122","full_name":"adobe/coriolis","owner":"adobe","description":"A library for cross iframe communication with high level API and features.","archived":false,"fork":false,"pushed_at":"2025-08-01T18:50:42.000Z","size":8083,"stargazers_count":37,"open_issues_count":0,"forks_count":8,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-08-01T20:50:12.457Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/adobe.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-09-15T00:01:44.000Z","updated_at":"2025-08-01T18:50:40.000Z","dependencies_parsed_at":"2025-04-24T22:34:54.901Z","dependency_job_id":"9fa9acee-b839-478e-9124-32c085ad8495","html_url":"https://github.com/adobe/coriolis","commit_stats":{"total_commits":323,"total_committers":3,"mean_commits":"107.66666666666667","dds":0.04643962848297212,"last_synced_commit":"2252ef500ed6b97637f1fa0ee543dc2005dad8bd"},"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/adobe/coriolis","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adobe%2Fcoriolis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adobe%2Fcoriolis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adobe%2F
coriolis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adobe%2Fcoriolis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/adobe","download_url":"https://codeload.github.com/adobe/coriolis/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adobe%2Fcoriolis/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268297503,"owners_count":24228125,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-01T02:00:08.611Z","response_time":67,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-06T17:19:06.239Z","updated_at":"2025-08-02T21:32:04.433Z","avatar_url":"https://github.com/adobe.png","language":"TypeScript","funding_links":[],"categories":["TypeScript"],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e\n  \u003cimg src=\"docs/coriolis-white-logo.png\" alt=\"Coriolis\" /\u003e\n\u003c/h1\u003e\n\n\n\u003ch3 align=\"center\"\u003eA library for cross iframe communication with high level API and features.\u003c/h3\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#usefull-links\"\u003eUseful Links\u003c/a\u003e •\n  \u003ca href=\"#key-features\"\u003eKey Features\u003c/a\u003e •\n  \u003ca href=\"#how-to-use\"\u003eHow To Use\u003c/a\u003e •\n  \u003ca href=\"#architecture\"\u003eArchitecture\u003c/a\u003e •\n  
\u003ca href=\"#related-projects\"\u003eRelated projects\u003c/a\u003e •\n  \u003ca href=\"#contributing\"\u003eContributing\u003c/a\u003e •\n\t\u003ca href=\"#licensing\"\u003eLicensing\u003c/a\u003e •\n\t\u003ca href=\"#changelog\"\u003eChangelog\u003c/a\u003e •\n  \u003ca href=\"#future-developments\"\u003eFuture developments\u003c/a\u003e •\n  \u003ca href=\"#ideas-to-explore\"\u003eIdeas to explore\u003c/a\u003e\n\u003c/p\u003e\n\n\n## Useful Links\n\n* [Documentation](https://opensource.adobe.com/coriolis/)\n\n## Key Features\n\n* Cross browser compatibility (see version 1.X for IE support)\n* Low number of dependencies and lightweight (~ 10kb minified \u0026 gzipped)\n* Extensible and modularized (you can add modules and serializers)\n* Handshake with events for connection, disconnection and reconnection\n* Handles most security checks for you out of the box\n* Multiple high-level functional APIs:\n\t* Query module for easy cross domain function calls\n\t* Event module to share state changes\n\t* Store module to share states with observable support\n\t* Plugin module to provide you a base plugin system\n\t* Content module to allow basic operations on child content\n* Serializer system for data types that are not JavaScript primitives, such as:\n\t* Map / Set objects\n\t* Error objects\n\t* Date objects\n\t* KeyboardEvent\n\t* MouseEvent\n\t* DomRect (with automatic translation of coordinates)\n\t* ArrayBuffer\n\n## How To Use it\n\nIn your main domain (Asset domain):\n\n```\n\u003cscript src=\"polyfill.js\" type=\"text/javascript\" charset=\"utf-8\"\u003e\u003c/script\u003e\n\u003cscript src=\"coriolis.js\" type=\"text/javascript\" charset=\"utf-8\"\u003e\u003c/script\u003e\n\u003cdiv id=\"coriolisContainer\"\u003e\u003c/div\u003e\n\u003cscript type=\"text/javascript\"\u003e\n\tvar coriolis = 
Coriolis.createIframe(\n\t\tdocument.querySelector('#coriolisContainer'),\n\t\t'https://your-ugc-hostname.example.com',\n\t\t'\u003chtml\u003e\u003chead\u003e\u003c/head\u003e\u003cbody\u003eInitial Coriolis Content\u003c/body\u003e\u003c/html\u003e'\n\t);\n\n\t// Call the 'addition' function registered in the iframe\n\tcoriolis.query.call('addition', 12, 30).then(function(result) {\n\t\tconsole.log(result);\n\t});\n\u003c/script\u003e\n```\n\nIn your user generated content domain:\n\n```\n\u003cscript src=\"polyfill.js\" type=\"text/javascript\" charset=\"utf-8\"\u003e\u003c/script\u003e\n\u003cscript src=\"coriolis.js\" type=\"text/javascript\" charset=\"utf-8\"\u003e\u003c/script\u003e\n\u003cscript type=\"text/javascript\"\u003e\n\tvar coriolis = new Coriolis(\n\t\twindow.parent,\n\t\t'https://your-asset-hostname.example.com'\n\t);\n\n\t// Expose 'addition' so the main domain can call it\n\tcoriolis.query.register('addition', function(a, b) {\n\t\treturn Promise.resolve(a + b);\n\t});\n\u003c/script\u003e\n```\n\nThis will load Coriolis on both domains, do a handshake, replace the content of the iframe with `Initial Coriolis Content`, and finally print the result of `addition` in the main domain (while the computation is done in the iframe).\n\nFor more examples of Coriolis, you can start the project (`npm start`) and/or check the demo folder. You can also look at the generated documentation (build it locally with `npm run doc \u0026\u0026 open reporting/doc/index.html`).\n\n## Architecture\n\nCoriolis is composed of multiple components and allows Modules and Serializers to be configured. 
Here is a high-level class diagram that explains how the classes interact.\n\nThe DataSerializer and ModuleLoader are abstract enough to be used outside of a postMessage context if you have other functional needs (for example, WebSocket), and they are responsible for the extensibility of Coriolis.\n\n\u003cimg src=\"docs/Coriolis - Class diagram - High level.svg\"/\u003e\n\n## Security\n\nEven though Coriolis alone cannot protect your Assets (replace Assets with whatever is important for you to protect, e.g. an IMS token), it should help when you deal with customer data that you cannot escape (customer JS code, customer plugins, non-Adobe integrations, rich text editors...). It enhances security with 3 main ideas:\n\n* Ease of use keeps developers from bypassing security\n* It uses a specific protocol and rejects unexpected data\n* It configures the related security settings by default (sandbox attributes)\n\nThe remaining part, which you are in charge of to ensure full protection of your Assets, is to:\n\n* Correctly configure your Cross Origin Resource Sharing (CORS) and Content Security Policy (CSP) on your server\n* Use two different domains, one for your main domain with your Assets and one for User Generated Content (UGC)\n* Do a security code review of code that uses or extends Coriolis on the **main domain**\n* Do not share your Assets through Coriolis\n\nIf you use Coriolis and apply all of this advice, you should be secured as described in this threat model diagram:\n\n\u003cimg src=\"docs/Coriolis - Threat model.png\"/\u003e\n\n## Related projects\n\n### [penpal](https://github.com/Aaronius/penpal#readme)\n\nOpen source project that allows implementing a query feature. It is used inside Adobe by Adobe Launch in the [Reactor Bridge](https://github.com/adobe/reactor-bridge). It only supports transfer of primitive JavaScript data. It doesn't preconfigure any security parameters by default.\n\n### [postmate](https://github.com/dollarshaveclub/postmate)\n\nA popular open source project. 
It has handshake support. It only supports transfer of primitive JavaScript data. It is only designed for parent-to-child exchange and is not designed for bidirectional communication.\n\n## Contributing\n\nContributions are welcome! Read the [Contributing Guide](./.github/CONTRIBUTING.md) for more information.\n\n## Licensing\n\nThis project is licensed under the Apache V2 License. See [LICENSE](LICENSE) for more information.\n\n## Changelog\n\n### Version 2.1.2\n\n* Fix missing Readme on npmjs package\n\n### Version 2.1.1\n\n* Allow bypassing origin verification by passing '*' as the input URL.\n\n### Version 2.1.0\n\n* Fix Map and Set serializer\n* Allow deferring the target of PostMessage (create the coriolis object before the iframe)\n* Fix contentModule rewriting the content even when not used\n* Allow contentModule and StoreModule to handle reconnect or not\n* Make StoreModule sync the store at connection, using mergeCallback on conflict or the parent value if mergeCallback was not defined.\n* Send a disconnect event if the connection is lost (event listener for unload)\n* Improve TypeScript definition\n* Update connection system to alert on version mismatch\n* Add channel listener support and global listener support in store and event module\n\n### Version 2.0.0\n\n* Drop support of Internet Explorer\n* Addition of TypeScript\n* Reduce checks on usage (will be checked by TypeScript)\n\n## Future Developments\n\nHere is a list of ideas and improvements for future versions of Coriolis. 
Any contribution is welcome, and if you are interested in one of the items, even without the ability to contribute, please contact us.\n\n* Add security configuration\n\t* Add a warning when two frames are on the same domain\n\t* Allow multiple whitelisted hosts for parent / child\n\t* Allow personalization of the sandbox attribute\n* Move some dependencies into peerDependency (allow the main project to use its own polyfill)\n* Allow configuring the target param for the DomRectSerializer from the Coriolis constructor\n\n## Ideas to explore\n\n* Add a strict mode for the store (store objects must be declared before use)\n* Add a tool to help debug what is inside the store and the history of events and queries\n* Make a postMessage decorator to forward across multiple frames\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadobe%2Fcoriolis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadobe%2Fcoriolis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadobe%2Fcoriolis/lists"}