These commits were picked out from #18 - even though they helped with Content Security Policy related errors, they weren't made solely for that reason. The two big changes here are:
Remove the inline script that broadcasted hash-based map coordinates to a parent page, if iframe. This was copied across a ton of Tangram demo pages, but was only meant for certain specific use cases. It's essentially dead code here (and a CSP violation).
Rewrote the script loading process to happen dynamically, rather than several round-trip callbacks between JS and HTML (another CSP violation). This implementation also makes use of Promises to handle asynchronous loading in a more manageable way. (A polyfill is included for old browsers: this is an additional network request.) This resolves issue #14.
While we work through how we handle loading of arbitrary external scripts from Tangram users, I think these improvements can stand alone from work in that branch.
These commits were picked out from #18 - even though they helped with Content Security Policy related errors, they weren't made solely for that reason. The two big changes here are:
While we work through how we handle loading of arbitrary external scripts from Tangram users, I think these improvements can stand alone from work in that branch.