Provide documentation on requirements for deploying webnode script safely

Developers may choose to use [Content Security Policy (CSP)](https://w3c.github.io/webappsec-csp/), [Feature Policy (FP)](https://wicg.github.io/feature-policy/) and 
[Subresource Integrity (SRI)](https://w3c.github.io/webappsec-subresource-integrity/) to control what their apps may or may not load cross-origin. 

For example, an app can restrict scripts to their own origin by setting: 
`Content-Security-Policy: script-src 'self';`

In the example above, webnode.js would not be allowed to run.

However to allow the webnode script to run, authors need to include the resource origin for webnode.js like so: `Content-Security-Policy: script-src 'self' https://oyster.ws;`.

Providing documentation on this could help applications implement and run webnode within a safer context.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Provide documentation on requirements for deploying webnode script safely #155

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Provide documentation on requirements for deploying webnode script safely #155

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions