I’m trying to embed my PlayCanvas app in an IFrame, but need the surrounding page to pass it certain parameters. It says here that I need to use window.postMessage because of cross-origin protection.
However, I am self-hosting the app on my own domain, same as the surrounding website, so cross-origin isn’t an issue. I know that I can modify the index.html of the app directly when self-hosting, but the page I’m trying to embed it in already exists and I’d really rather not mess something up by trying to mash the two together. An IFrame sounds like a nice, clean solution.
Do I still need to use postMessage to pass my arguments into the IFrame when they are both of the same origin, or is there an easier solution? If so, is it more or less secure than postMessage?