Skip to main content

Browser Support & CSP

Browser support

  • Browsers: evergreen Chromium, Firefox, and Safari.
  • Target: ES2020.
  • Required platform features: fetch, customElements, and ShadowRoot.
  • No legacy IE-style support.

Content Security Policy (CSP)

If your site enforces a Content Security Policy, allow the following:

  • script-src — permit the origin that serves the widget script (for example, your static-asset origin when self-hosting the script-tag build).
  • style-src — the widget renders inside a Shadow DOM with inline styles. You may need style-src 'unsafe-inline', or a nonce/hash that covers shadow DOM styles. Check your CSP tooling's guidance for shadow DOM.

Licensing & versioning

  • Pin both packages to known versions in your package.json, and pin any copied dist/ assets you self-host.
  • The packages are licensed under ISC.