1.0.0-alpha.23
- Disabled implicit auto-connection to WS server by default
- Reworked sandbox init:
    - UI is loaded into a sandboxed frame with the `allow-scripts allow-forms allow-popups allow-modals` features enabled. That prevents access to data storage/cookies and some JavaScript APIs from UI scripts (because `allow-same-origin` is not enabled) but puts UI scripts in the same conditions across environments (e.g. a regular page, a page in "incognito mode", a devtools page, etc.).
    - Added `sandboxSrc` option for `createSandbox()` to specify a sandbox page URL, needed to define a specific origin, e.g. in devtools
    - Added `rempl/sandbox-init` endpoint which exposes code to inject into a sandbox page to init UI scripts, e.g.

      ```html
      <!DOCTYPE html>
      <script type="module">
          // `import` is only valid in a module script; the bare specifier
          // is resolved by a bundler or an import map.
          import { initSandboxScript } from 'rempl/sandbox-init';

          initSandboxScript();
      </script>
      ```
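
An added example, not part of rempl or its changelog: a small audit of an iframe `sandbox` token list. It shows why the token set in this entry leaves the UI frame with an opaque origin (no storage or cookies) and flags combinations that would weaken the sandbox. The helper name `auditSandbox` and the sample strings are assumptions made for illustration.

```javascript
// Added example, not rempl code: audit an iframe `sandbox` token list.
// Token names come from the HTML Standard; `auditSandbox` is a hypothetical helper.
const KNOWN_TOKENS = new Set([
  'allow-downloads', 'allow-forms', 'allow-modals', 'allow-orientation-lock',
  'allow-pointer-lock', 'allow-popups', 'allow-popups-to-escape-sandbox',
  'allow-presentation', 'allow-same-origin', 'allow-scripts',
  'allow-top-navigation', 'allow-top-navigation-by-user-activation',
  'allow-top-navigation-to-custom-protocols',
]);

function auditSandbox(attr) {
  // The attribute is a set of whitespace-separated, case-insensitive tokens.
  const tokens = new Set(attr.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean));
  const has = (t) => tokens.has(t);
  const findings = [];

  if (has('allow-scripts') && has('allow-same-origin')) {
    findings.push('allow-scripts with allow-same-origin: a frame served from the ' +
      'embedder origin can reach the parent DOM and drop its own sandbox');
  }
  if (has('allow-top-navigation')) {
    findings.push('allow-top-navigation: framed code can navigate the top-level page');
  }
  if (has('allow-popups-to-escape-sandbox')) {
    findings.push('allow-popups-to-escape-sandbox: popups open without sandbox flags');
  }

  return {
    // Without allow-same-origin the document gets an opaque origin, so
    // cookies, localStorage and IndexedDB are unavailable to its scripts.
    opaqueOrigin: !has('allow-same-origin'),
    scripts: has('allow-scripts'),
    unknown: [...tokens].filter((t) => !KNOWN_TOKENS.has(t)),
    findings,
  };
}

// Constructed inputs: the token set from the changelog entry, and a weakened variant.
const remplSet = 'allow-scripts allow-forms allow-popups allow-modals';
const weakened = remplSet + ' allow-same-origin';

console.log(auditSandbox(remplSet));
console.log(auditSandbox(weakened));
```

Unrecognised tokens are reported in `unknown`, which catches typos in the attribute that browsers would otherwise silently ignore.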