From 98378d01a380173e6619c94b51e72c7bb1fd0be3 Mon Sep 17 00:00:00 2001 From: "Daniel St. Jules" Date: Thu, 4 Sep 2014 20:14:14 -0700 Subject: [PATCH] Update readme --- README.md | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e51ce50..37dc8b3 100644 --- a/README.md +++ b/README.md @@ -8,9 +8,10 @@ Cross domain local storage, with permissions. Features an API using ES6 promises The library is a convenient alternative to sharing a root domain cookie. Unlike cookies, your client-side data isn't limited to a few kilobytes - you -get a guaranteed 2.49Mb. This is all thanks to LocalStorage, which is available -in IE 8+, FF 3.5+, Chrome 4+, as well as a majority of mobile browsers. For a -list of compatible browsers, refer to +get a guaranteed 2.49Mb. For a client-heavy application, you can potentially +shave a few KB off your request headers by avoiding cookies. This is all thanks +to LocalStorage, which is available in IE 8+, FF 3.5+, Chrome 4+, as well as a +majority of mobile browsers. For a list of compatible browsers, refer to [caniuse](http://caniuse.com/#feat=namevalue-storage). How does it work? The library is divided into two types of components: hubs @@ -60,12 +61,30 @@ storage.onConnect().then(function() { ## Installation -Once made public, the module will be available via bower: +The application can be installed via bower: ``` bash bower install cross-storage ``` +When serving the hub, you'll want to set the CORS and CSP headers for your +server appropriately. For example: + +``` javascript +{ + 'Access-Control-Allow-Origin': '*', + 'Access-Control-Allow-Methods': 'GET,PUT,POST,DELETE', + 'Access-Control-Allow-Headers': 'X-Requested-With', + 'Content-Security-Policy': "default-src 'unsafe-inline' *", + 'X-Content-Security-Policy': "default-src 'unsafe-inline' *", + 'X-WebKit-CSP': "default-src 'unsafe-inline' *", +} +``` + +If using inline JS to create the hub, you'll need to specify `unsafe-inline` +for the CSP headers. Otherwise, it can be left out if simply included the +init code via another resource. + ## API #### CrossStorageHub.init(permissions)