[Refactoring]: support for silent redirect page from other domain

[Serge-Libotte]

All code examples are suggesting to implement the silent renew page with the following:

window.onload = function () {
  const event = new CustomEvent('oidc-silent-renew-message', { detail: window.location });
  window.parent.dispatchEvent(event);
};

(https://angular-auth-oidc-client.com/docs/documentation/silent-renew)
We are serving the silent redirect page from our CDN, so, from another (controlled) domain.
Calling window.parent.dispatchEvent(event) is prevented by CORS. If we want to be able to work cross domain then the postMessage API should be used.
I didn't found an existing possible solution to this so I'll try the following:

// silent renew from iFrame
const messageData = {
  key: 'silent-renew', 
  data: window.location
};
window.parent.postMessage(messageData, '*');

In the main page I'll create a "bridge" to capture the message and transform it into a CustomEvent

// In the parent window
window.addEventListener('message', (event) => {
  // checks to ensure the message is from a trusted source
  if (event.origin !== 'https://t-www.acerta-cdn.be') return;
 
  if (message.key === 'silent-renew') {
    // Create the custom event with the attributes from the message
    const customEvent = new CustomEvent('oidc-silent-renew-message', {
      detail: event.data
    });
 
    // Dispatch the custom event
    window.dispatchEvent(customEvent);
  }
});

Would you see a better way?