Skip to main content

Nothing renders in the iframe

Check these first:
  • Iframe is loaded: call postMessage() only after the iframe load event fires.
  • Required fields are present: fraud (stringified JSON) and fileData (ArrayBuffer) must be provided.
  • Correct payload types:
    • fraud, decision, classification must be strings (JSON.stringify(...))
    • fileData must be an ArrayBuffer (not Blob, not base64 string)
  • Same stage + cell: confirm you fetched results from the same stage/cell where the submission was created.
  • Serving over HTTP: don’t open the page via file://. Use a local server (e.g., python3 -m http.server) because browsers restrict behavior under file://.

postMessage is sent but the iframe does not receive it

Most common causes:
  • Target origin mismatch: targetOrigin must match the iframe’s origin exactly.
    • Tip: compute it from the iframe URL: new URL(iframe.src).origin
  • Wrong iframe URL: confirm the iframe src is the enabled Offline iFrame bundle URL (or your self-hosted bundle URL).

Highlights / localized detections are missing

If you expect overlays (bounding boxes) but don’t see them:
  • Fetch fraud using: GET .../fraud?with_metadata=true
  • Confirm the response contains indicator metadata (some findings do not produce localized overlays).

Blank screen or error screen after posting the message

  • Check browser console for errors (Console + Network tabs).
  • Validate fraud is valid JSON before posting: 
    JSON.parse(fraud)
  • Verify the file bytes in fileData match the result payload (wrong file can lead to confusing UI behavior).
  • Ensure you send fileData as a transferable (third argument to postMessage) to avoid large buffer copies.

CSP errors in console

  • For the inline quickstart example, inline scripts may require: script-src 'unsafe-inline'
  • For production, move scripts to external files and remove unsafe-inline.
  • Ensure frame-src (or child-src) allows the iframe origin (self-hosted or enabled Resistant AI origin).

Clipboard functionality not working

  • Ensure the iframe has: allow="clipboard-read; clipboard-write"
  • Ensure browser policies allow clipboard access.

Still stuck?

When contacting support, include:
  • stage + cell (e.g., prod us-1)
  • iframe src (redacted if needed) and the targetOrigin you used
  • submission_id
  • browser + version
  • console error screenshot or text
See: Contact support