
I have an application that generates a JSON file. It is to be consumed by a local HTML/JS file. My experience and Google/Stack Overflow seem to indicate the following:

  • This is easy when wrapping this into a JavaScript assignment and just using <script src>. This works just fine.
  • For security reasons, we cannot read JSON directly from a local file (e.g. using require, or d3.json, using Chrome).

I don't understand the difference between these two methods w.r.t. security. I would have expected both to work, or neither. Am I missing something really obvious?

Tentative answer: <script src> checks for valid JS, while other fetch-like operations would read anything?

Erwin Kalvelagen
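
The wrapping step from the first bullet, as an added example that is not part of the original question: a Node.js generator-side function that turns JSON text into a JavaScript assignment for loading with <script src>. The function name `wrapJsonAsScript` and the global name `APP_DATA` are assumptions made for illustration.

```javascript
// Added example, not code from the original post.
// Hypothetical helper: emit JSON as "window.NAME = <literal>;" so that a
// local page can load it with <script src="data.js"></script>.
function wrapJsonAsScript(jsonText, globalName = 'APP_DATA') {
  // Accept only a plain identifier, so the variable name itself cannot
  // carry extra statements into the generated file.
  if (!/^[A-Za-z_$][A-Za-z0-9_$]*$/.test(globalName)) {
    throw new Error('invalid global name: ' + globalName);
  }

  // <script src> executes whatever the file contains, so parse first and
  // refuse anything that is not valid JSON (JSON.parse throws on failure).
  const value = JSON.parse(jsonText);

  // Re-serialize from the parsed value, then escape characters that are
  // legal inside JSON strings but awkward inside script text:
  //   "<"           keeps "</script>" from closing the element if the
  //                 output is ever pasted into an inline <script> block
  //   U+2028/U+2029 were not allowed in string literals before ES2019
  // In JSON.stringify output these characters occur only inside strings,
  // so replacing them with \uXXXX escapes does not change the data.
  const literal = JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');

  return 'window.' + globalName + ' = ' + literal + ';\n';
}

// Constructed sample input; writing the result to data.js is left to the caller.
const sample = '{"title":"a </script> b","values":[1,2,3]}';
console.log(wrapJsonAsScript(sample));
```

The page then reads the data from `window.APP_DATA` after the script tag has loaded.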

0 Answers