I have an application that generates a JSON file. It is to be consumed by a local HTML/JS file. My experience and google/StackOverflow seem to indicate the following:
- This is easy when wrapping this into a Javascript assignment and just use
<script src>. This works just fine. - For security reasons, we can not read JSON directly from a local file (e.g. using
require, ord3.json, using Chrome).
I don’t understand the difference between these two methods w.r.t. security. I would have expected both to work, or neither. Am I missing something?