The original plugin is written in Typescript and I use node.innerHTML to generate a script tag with proper src attribute. In this way the script tag is ignored.
If I generate it dynamically instead I get a CORS error: The request client is not a secure context and the resource is in more-private address space
But from any other client app I can download the script (we actually use it in browsers, mobile apps, and so on).
I’m testing this on Jupyterlab 3.1.2 currently.
Does anyone have experience with this? Is this even possible in Jupyterlab?
Thanks for all your support,
Actually Firefox works neatly. The problem is only on Chrome …
Seems like the two browser have different policies related to CORS calls …
depending on how much control you have over the other side of the connection, and how much influence the remote code needs to have on the jupyterlab DOM, using an
postMessage is usually quite robust for this kind of work, and offers the most consistent security/isolation/portability API.