Uploading a Create program from an embedded iframe?


I'm interested in sharing some of my sketches on my website. I love how easy it is to embed them via iframe from Arduino Create. However, I don't see any way for my website visitors to upload the code from the iframe to their own Arduino, without clicking "Open Code --> Open in Web Editor" while logged in to their own Arduino Create account.

Am I missing something? Is there a parameter that I should have added to my iframe to allow uploading directly from my own site?


The upload process is a bit trickier than just show the code, so I don't think it will be possible to upload from an iframe in the near future.

Also your website visitors will have to have the Create Plugin installed in order to upload the code, as Matteo said it is tricker than it may look :slight_smile:

Even with the Plugin installed we cannot allow the feature for security reasons. Some other websites could mimic the behaviour of create and upload malicious software in the client machine. This is why we sign the requests on our server to be sure it is an allowed request.

Thank you.

I don't understand the security issue. If it's in an iframe then the connection is made from arduino's domain. Why is there a problem?

Clickjacking | OWASP so if the user has to be involved in loggin in (as it is for the upload) than they can be trick to put username/pass in a webpage that is not the original one.

I see. Why does there have to be a log in process at all? The idea would be to upload the author's code.

Hi @allwinedesigns

We are a company and the compilation (involved before upload) + the cloud service hava a computational cost. If we release that on the wild I am sure a lot of clones out there will start using our system to have compilation for free.
To keep the business sustainable and to pay all our salaries + keep everything open source has some costs. The costs are covered by paying users, selling hardware and/or services. If we do not have any info about our users (logged out users) and they can use our service for free and without limits than I think the Arduino company business will be disrupted.

This is why we cannot allow not logged in users to use a free service.

To have an analogy it is like asking your local pizzeria to provide free pizza for everyone. I am sure they are not going to do that.

Thank you!

I understand there's no such thing as a free lunch, but right now the embed feature offers very little value considering there are other free ways to share code that don't drive traffic away from my site. If I'm going to put time into a project and advertise your product for you I should get something out of it too. You can track who the heavy users are and if they're abusing it, do something about it. It should definitely be a mutually beneficial relationship. I envision allowing users on my site to make tweaks to code that I provide and upload it directly from my site. If they want to save it, they'd have to sign up for an account with you. If that's not enough value to you, then perhaps the sharing/compilation feature comes at a price.

Hi @allwinedesigns,

For cases like yours we can offer a SaaS solution to access our compilation api and your company pays for numbers of compilations or users.

Feel free to contact me for more info about the business deal.

You can write directly to webmaster at arduino cc mentioning this thread.