Embed JS Widgets with Rails: A Step-by-Step Guide

David Paluy - Nov 5 - - Dev Community

Creating a custom JavaScript widget that can be embedded in client websites is a powerful way to extend the reach of your Ruby on Rails application. Whether it's a chat box, an analytics tracker, or any other interactive element, a custom widget lets you bring functionality directly to users. Let’s walk through the steps of building a secure, embeddable widget and cover the best practices.

Table of Contents

 1. Step 1: Setup
 2. Step 2: Creating an Embed Code for Clients
 3. Step 3: Embedding Your Widget in an Iframe (Optional)
 4. Step 4: Setting Headers for Iframe Embedding
 5. Step 5: Test the Widget
 6. Step 6: Adding Version Support with Versioned Routes and Controllers

Step 1: Setup

Create a new Rails endpoint: This endpoint will serve the JavaScript code for your widget. Typically, this could be an action within a WidgetsController:

# app/controllers/widgets_controller.rb
class WidgetsController < ApplicationController
  def show
    # Your widget code here
  end
end
Enter fullscreen mode Exit fullscreen mode

Configure the Route: Set up a route to make the widget accessible.

# config/routes.rb
Rails.application.routes.draw do
  get '/widget.js', to: 'widgets#show', as: :widget
end
Enter fullscreen mode Exit fullscreen mode

Serve JavaScript from the Controller: In Rails, you can respond with JavaScript by setting the appropriate content type.

# app/controllers/widgets_controller.rb
class WidgetsController < ApplicationController
  def show
    response.headers['Content-Type'] = 'application/javascript'
    render layout: false
  end
end
Enter fullscreen mode Exit fullscreen mode

Write the JavaScript Code for Your Widget: The widget script typically includes the logic to render a custom HTML element or iframe on the client’s page.

// app/views/widgets/show.js.erb
(function() {
  const widgetDiv = document.createElement('div');
  widgetDiv.id = 'custom-widget';
  widgetDiv.innerHTML = "<p>This is your custom widget content!</p>";
  document.body.appendChild(widgetDiv);
})();
Enter fullscreen mode Exit fullscreen mode

Step 2: Creating an Embed Code for Clients

To allow clients to embed your widget, provide a JavaScript snippet they can copy and paste into their HTML:

<!-- Client Embeddable Code -->
<script type="text/javascript">
  (function() {
    const script = document.createElement('script');
    script.src = "https://yourapp.com/widget.js";
    script.async = true;
    document.head.appendChild(script);
  })();
</script>
Enter fullscreen mode Exit fullscreen mode

Step 3: Embedding Your Widget in an Iframe (Optional)

Consider embedding the widget content in an iframe for more isolation and control over styling. This approach keeps the widget's styling and behavior separate from the client's site.

Update the JavaScript Code to create an iframe for the widget:

// app/views/widgets/show.js.erb
(function() {
  const iframe = document.createElement('iframe');
  iframe.src = "<%= widget_content_url %>";
  iframe.style.width = "300px";
  iframe.style.height = "200px";
  document.body.appendChild(iframe);
})();
Enter fullscreen mode Exit fullscreen mode

Define a New Route and View for the Widget Content:

# config/routes.rb
Rails.application.routes.draw do
  get '/widget_content', to: 'widgets#content', as: :widget_content
end
Enter fullscreen mode Exit fullscreen mode
# app/controllers/widgets_controller.rb
def content
  render layout: false
end
Enter fullscreen mode Exit fullscreen mode

Create the Widget Content HTML: Create a view to render inside the iframe

<!-- app/views/widgets/content.html.erb -->
<div id="iframe-widget">
  <p>This is the widget content in an iframe.</p>
</div>
Enter fullscreen mode Exit fullscreen mode

Step 4: Setting Headers for Iframe Embedding

Configure the appropriate HTTP headers to ensure your widget works securely in an iframe. There are two primary headers to consider:

Remove the X-Frame-Options Header: The X-Frame-Options header is deprecated but still widely respected by many browsers. To remove it, add the following configuration in an initializer:

# config/initializers/security_headers.rb
Rails.application.config.action_dispatch.default_headers.delete('X-Frame-Options')
Enter fullscreen mode Exit fullscreen mode

Set the Frame-Ancestors Directive:The modern and more flexible approach is to use Content-Security-Policy with the frame-ancestors directive, which allows you to specify the domains allowed to embed your widget in an iframe. Adjust this header as needed based on your security requirements.

# config/initializers/security_headers.rb
Rails.application.config.action_dispatch.default_headers.merge!({
  'Content-Security-Policy' => "frame-ancestors 'self' https://trusted-domain.com"
})
Enter fullscreen mode Exit fullscreen mode

This configuration allows your app to be embedded in iframes only by the specified domains. Replace https://trusted-domain.com with the actual domains you trust.

Step 5: Test the Widget

Once you’ve set up the widget and headers, test the widget by embedding it on a test page in various browsers to ensure compatibility. If you’ve used frame-ancestors, confirm that only the specified domains can embed your widget and that the widget displays as expected.

Step 6: Adding Version Support with Versioned Routes and Controllers

As your widget evolves, you may introduce new features or improvements that not all clients are ready to adopt immediately. Supporting multiple versions of your widget ensures backward compatibility, allowing clients to upgrade at their own pace without disrupting their existing integrations.

Implementing Version Support Using Versioned Routes and Controllers

Define Versioned Routes

Start by setting up separate routes for each version of your widget. Namespacing each version keeps your code organized and allows you to manage different versions independently.

# config/routes.rb
Rails.application.routes.draw do
  namespace :v1 do
    get '/widget.js', to: 'widgets#show', as: :widget_v1
    get '/widget_content', to: 'widgets#content', as: :widget_content_v1
  end

  namespace :v2 do
    get '/widget.js', to: 'widgets#show', as: :widget_v2
    get '/widget_content', to: 'widgets#content', as: :widget_content_v2
  end

  # Add more versions as needed
end
Enter fullscreen mode Exit fullscreen mode

Create Versioned Controllers

For each version, create a controller within its namespace. This separation ensures that changes in one version don't affect others.

# app/controllers/v1/widgets_controller.rb
module V1
  class WidgetsController < ApplicationController
    def show
      response.headers['Content-Type'] = 'application/javascript'
      render 'v1/widgets/show', layout: false
    end

    def content
      render 'v1/widgets/content', layout: false
    end
  end
end
Enter fullscreen mode Exit fullscreen mode
# app/controllers/v2/widgets_controller.rb
module V2
  class WidgetsController < ApplicationController
    def show
      response.headers['Content-Type'] = 'application/javascript'
      render 'v2/widgets/show', layout: false
    end

    def content
      render 'v2/widgets/content', layout: false
    end
  end
end
Enter fullscreen mode Exit fullscreen mode

Create Version-Specific JavaScript and HTML Views

Each version can have its own JavaScript and HTML files, allowing you to tailor functionality and appearance per version.

Version 1 JavaScript:

// app/views/v1/widgets/show.js.erb
(function() {
  console.log("Widget Version 1 Loaded");
  const iframe = document.createElement('iframe');
  iframe.src = "<%= widget_content_v1_url %>";
  iframe.style.width = "300px";
  iframe.style.height = "200px";
  document.body.appendChild(iframe);
})();
Enter fullscreen mode Exit fullscreen mode

Version 1 Content:

<!-- app/views/v1/widgets/content.html.erb -->
<div id="iframe-widget-v1">
  <p>This is the widget content for version 1.</p>
</div>

Enter fullscreen mode Exit fullscreen mode

Version 2 JavaScript:

// app/views/v2/widgets/show.js.erb
(function() {
  console.log("Widget Version 2 Loaded with New Features");
  const iframe = document.createElement('iframe');
  iframe.src = "<%= widget_content_v2_url %>";
  iframe.style.width = "400px"; // Updated dimensions
  iframe.style.height = "300px";
  document.body.appendChild(iframe);
})();
Enter fullscreen mode Exit fullscreen mode

Version 2 Content:

<!-- app/views/v2/widgets/content.html.erb -->
<div id="iframe-widget-v2">
  <p>This is the widget content for version 2 with new features!</p>
</div>
Enter fullscreen mode Exit fullscreen mode

Provide Versioned Embed Codes to Clients

<!-- Client Embeddable Code for Version 1 -->
<script type="text/javascript">
  (function() {
    const script = document.createElement('script');
    script.src = "https://yourapp.com/v1/widget.js";
    script.async = true;
    document.head.appendChild(script);
  })();
</script>
Enter fullscreen mode Exit fullscreen mode

Final Thoughts

Creating an embeddable widget for a Rails application involves a few key considerations: serving JavaScript securely, managing styles, and configuring headers correctly for iframe compatibility. By following the steps above, you’ll have a widget that clients can easily add to their sites, expanding the usability of your Rails application.

. . . . . . . . . . . . . . . .