Browser Support & CSP
Browser support
- Browsers: evergreen Chromium, Firefox, and Safari.
- Target: ES2020.
- Required platform features:
fetch,customElements, andShadowRoot. - No legacy IE-style support.
Content Security Policy (CSP)
If your site enforces a Content Security Policy, allow the following:
script-src— permit the origin that serves the widget script (for example, your static-asset origin when self-hosting the script-tag build).style-src— the widget renders inside a Shadow DOM with inline styles. You may needstyle-src 'unsafe-inline', or a nonce/hash that covers shadow DOM styles. Check your CSP tooling's guidance for shadow DOM.
Licensing & versioning
- Pin both packages to known versions in your
package.json, and pin any copieddist/assets you self-host. - The packages are licensed under ISC.
Related
- Installation — registry setup and version pinning.
- Vanilla JS & Script Tag — self-hosting the script build.