On init, the widget:
Injects widget styles and a simple widget container
Registers message handlers for internal communication
Allow the CDN script in your script-src.
script-src
Allow the UI host in frame-src/child-src:https://ui.glyph.network/
frame-src/child-src:https://ui.glyph.network/
If you enable strict CSP, also permit inline styles for the injected overlay/iframe styles or provide equivalent stylesheet allowances.
Use HTTPS across all resources to avoid mixed-content blocking.
Last updated 1 month ago