3. General
Great! You’ve made your first widget. Now, let’s take a step back to the General tab.
Here, you will find three sections: General Settings, Availability Settings, and Content Security Policy.
General Settings
This section is straightforward; here, you can rename the widget, but you can only rename it.
Availability Settings
This section indicates whether the widget is available for any of the following three WEM applications: the WEM web application, the WEM Android application, and the WEM iOS application.
For example, if you have a WEM web application and a widget that only supports Android, that widget will not be available for that project, even if you have imported the library it resides in.
You can always return to a widget to make it compatible with other platforms.
Content Security Policy
CSP (Content Security Policy) is a security feature implemented in WEM and web applications in general to help prevent various types of attacks, such as Cross-Site Scripting (XSS) and data injection attacks.
Any external sources that the widget uses should be included in the CSP. For instance, if you have the following HTML element:
That image will not load when CSP is enabled in your WEM portal unless you add the hostname https://some-website.com as an img-src directive in the CSP settings overlay behind the "Edit settings" button.
CSP allows web developers to specify which content sources are trusted and can be loaded by the browser when rendering a web page, thereby making the WEM application safer.
As of WEM 4.2, Content Security Policy features have been added. The widget documentation was written before this update, and some example code may not be compatible. This is one of the unfortunate side effects of enhancing application security. For now, to keep things simple, we will not use CSP in our examples. Just ensure that your WEM portal has CSP disabled at the moment for the example code to work.
We will delve deeper into these CSP settings later on.
Last updated