Chrome packaged apps 與 Content Security Policies.

延續前一篇的Chrome Apps 開發 samples ，

可以先一起走一遍 follow the official Codelab presented at Google I/O 做中學。

其中有講到一些觀念，

像是Chrome Apps 不會是靠網路，都是local控制，使用者可以完整控制App的週期。開發者要注意的是，需要確保資料都是local儲存，offline可以讀取，當有網路的時候可以sync。

另外本文重點就是Content Security Policies (CSP)

Chrome packaged apps platform force your app to be fully compliant with Content Security Policies. This includes not being able to directly load DOM resources, like images, fonts and CSS's from outside of your app.

If you want to show an external image in your app, you need to request it via XHR, transform it into a Blob and create an ObjectURL. This ObjectURL can then be added to the DOM, because it refers to an in-memory item in the context of the app.

覺得微妙，要好好研究一下。

未完待續 Orz

To learn more about how to develop Chrome Apps:

• Understanding the Architecture introduces the app container, programming, and security models.
• The Fundamentals shows how to use this architecture and how to build for offline, manage data, and embed external content.
• Advanced Technologies shows how to use the powerful network and hardware APIs.
• Disabled Features describes the web features that have been disabled and what to use in their place, where relevant.