Developers may choose to use Content Security Policy (CSP), Feature Policy (FP) and
Subresource Integrity (SRI) to control what their apps may or may not load cross-origin.
For example, an app can restrict scripts to their own origin by setting:
Content-Security-Policy: script-src 'self';
In the example above, webnode.js would not be allowed to run.
However to allow the webnode script to run, authors need to include the resource origin for webnode.js like so: Content-Security-Policy: script-src 'self' https://oyster.ws;.
Providing documentation on this could help applications implement and run webnode within a safer context.
Developers may choose to use Content Security Policy (CSP), Feature Policy (FP) and
Subresource Integrity (SRI) to control what their apps may or may not load cross-origin.
For example, an app can restrict scripts to their own origin by setting:
Content-Security-Policy: script-src 'self';In the example above, webnode.js would not be allowed to run.
However to allow the webnode script to run, authors need to include the resource origin for webnode.js like so:
Content-Security-Policy: script-src 'self' https://oyster.ws;.Providing documentation on this could help applications implement and run webnode within a safer context.