JS runtime
Moyuk's apps are executed in a sandboxed environment. The runtime consists of iframe sandbox, Web Worker and CSP.
Browser requirements
Moyuk only tested on the latest versions of Chrome.
- Firefox is not supported yet. The runtime depends on dynamic module import and Firefox doesn't support it in worker yet.
- Safari seems to work, but it's not tested.
Available APIs
Because the runtime is based on Web Worker, you can use all the APIs that are available in the Web Worker. However, there are some restrictions.
Eliminated APIs
Moyuk's runtime eliminates some APIs that are unnecessary for Moyuk's apps. The APIs that are eliminated are:
- The APIs only for the browsers.
- Eliminating APIs is not for security reasons, but for the future compatibility.
- Although Moyuk's runtime is currently based on Web Worker, we may change the implementation in the future.
Network access
You can use fetch to access the network. However, there are some restrictions.
Permissions
The runtime denies all network accesses by default. The users must explicitly grant the permissions to the apps. This feature imitates Deno's allow-net permissions.
This feature is achieved by CSP. The runtime dynamically generates the CSP header based on the permissions users granted.
CORS
The CORS policy may affect the network access. The destination server must provide Access-Control-Allow-Origin: * header to allow the access.
Maybe we will provide a proxy server to bypass the CORS policy in the future.