The Magic of Serializing Functions
In most of these scenarios, the default mechanism is just to serialize a message down to a string, send it over to the other layer, and hope it arrived.
With this p attern I can easy make a request to a different layer (e.g. a different window, or some server, or a different process) and get a response. That response serves two purposes:
For example, here’s how this works in post-robot, a JavaScript library designed to make this kind of messaging easier on the web for communication between iframes and windows:
You can imagine how a similar interface could be applied for literally any system where two layers are able send serialized messages back and forth. The advantages are:
This article is mainly about the messaging protocol itself; but security is also obviously crucial here. In each of these cases we want to verify:
Another advantage of the interface above is, it’s easier to be declarative about security. Rather than needing to add a bunch of if-conditions to check the sender window and domain, which is easy to forget, I can just explicitly declare who I intend to send and receive messages from:
/cdn.vox-cdn.com/uploads/chorus_asset/file/25419483/247092_Student_activist_doxxing_AKrales_1438.jpg)
