@shiftengineering/folio 0.1.14 → 0.1.16
- package/README.md +30 -6
- package/dist-embed-component/folio-embed.js +1001 -1016
- package/dist-embed-component/folio-embed.umd.cjs +12 -12
- package/dist-embed-component/types/index.d.ts +14 -4
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -28,6 +28,29 @@ This package exports three main features:
|
|
|
28
28
|
- `useAddFolioFiles` - Add files to a project
|
|
29
29
|
- `useAddFolioDirectoriesWithFiles` - Add directories with files to a project
|
|
30
30
|
|
|
31
|
+
### Secure Token Handling
|
|
32
|
+
|
|
33
|
+
By default, the component uses a secure token passing mechanism via `postMessage` instead of passing the JWT token as a URL query parameter. This ensures your token is not visible in network logs or browser history.
|
|
34
|
+
|
|
35
|
+
The token is passed securely as follows:
|
|
36
|
+
|
|
37
|
+
1. The iframe loads without the token in the URL
|
|
38
|
+
2. When the iframe is ready, it requests the token from the parent via postMessage
|
|
39
|
+
3. The parent application responds with the token, which is then used for API requests
|
|
40
|
+
|
|
41
|
+
If you need backward compatibility with older versions, you can set the `passTokenInQueryParam` property to `true` on the `FolioProvider`:
|
|
42
|
+
|
|
43
|
+
```jsx
|
|
44
|
+
<FolioProvider
|
|
45
|
+
host="http://your-folio-server.com"
|
|
46
|
+
port={5174}
|
|
47
|
+
token={token}
|
|
48
|
+
passTokenInQueryParam={true} // Legacy mode: passes token in URL (less secure)
|
|
49
|
+
>
|
|
50
|
+
<App />
|
|
51
|
+
</FolioProvider>
|
|
52
|
+
```
|
|
53
|
+
|
|
31
54
|
### Basic Setup
|
|
32
55
|
|
|
33
56
|
First, wrap your application with the `FolioProvider`:
|
|
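Review bot: The three-step description of the postMessage handoff in the new "Secure Token Handling" section leaves out the origin checks that would justify calling it secure: it does not say that the parent answers a token request only when the message's `event.origin` matches the configured `host` and `port`, nor that the reply is posted with that origin as the target rather than `*`. If those checks exist, add a sentence stating them; if they do not, the section should promise no more than keeping the token out of the URL. Two smaller points: the claim that the token "is not visible in network logs" holds for the iframe URL only, since step 3 says the token is then used for API requests, so wording such as "not exposed in the iframe URL" would be more accurate; and the legacy example pairs `host="http://your-folio-server.com"` with `passTokenInQueryParam={true}`, so it would be better shown with an `https://` host.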
@@ -361,12 +384,13 @@ Both approaches allow host applications to consume the same events regardless of
|
|
|
361
384
|
|
|
362
385
|
Context provider that manages Folio application connection settings.
|
|
363
386
|
|
|
364
|
-
| Prop
|
|
365
|
-
|
|
|
366
|
-
| `host`
|
|
367
|
-
| `port`
|
|
368
|
-
| `token`
|
|
369
|
-
| `onAnalyticsEvent`
|
|
387
|
+
| Prop | Type | Default | Description |
|
|
388
|
+
| ----------------------- | ------------------------------- | -------------------- | ----------------------------------------------------------------------------------- |
|
|
389
|
+
| `host` | string | `'http://localhost'` | Host for the Folio API and iframe |
|
|
390
|
+
| `port` | number | `5174` | Port for the Folio API and iframe |
|
|
391
|
+
| `token` | string | - | JWT authentication token that the Folio backend is configured to accept |
|
|
392
|
+
| `onAnalyticsEvent` | (event: AnalyticsEvent) => void | - | Optional callback for handling analytics events from Folio |
|
|
393
|
+
| `passTokenInQueryParam` | boolean | `false` | Whether to pass the token in URL (legacy, less secure) instead of using postMessage |
|
|
370
394
|
|
|
371
395
|
### FolioEmbed
|
|
372
396
|
|
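Review bot: In the new props table, the `token` row gives `-` as its default and does not say whether the prop is required, while `onAnalyticsEvent` is explicitly described as optional; mark `token` as required or optional in its description. The `passTokenInQueryParam` row says "legacy, less secure" without the reason, so consider stating that with `true` the JWT appears in the iframe URL, or pointing to the "Secure Token Handling" section.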