Skip to content

Commit

Permalink
docs: add less secure message for crypto polyfill - OKTA-347942
Browse files Browse the repository at this point in the history 
OKTA-347942
<<<Jenkins Check-In of Tested SHA: b5ca0dd for [email protected]>>>
Artifact: okta-auth-js
  • Loading branch information
@shuowu @eng-prod-CI-bot-okta
shuowu authored and eng-prod-CI-bot-okta committed Dec 17, 2020
1 parent 2899ee2 commit 45d83aa
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,8 @@ Compatibility with IE 11 / Edge can be accomplished by adding polyfill/shims for
* UInt8 typed array
* webcrypto (crypto.subtle)

> :warning: crypto polyfills are unable to use the operating system as a source of good quality entropy used to generate pseudo-random numbers that are the key to good cryptography. As such we take the posture that crypto polyfills are less secure and we advise against using them.
This module provides an entrypoint that implements all required polyfills.

If you are using the JS on a web page from the browser, you can copy the `node_modules/@okta/okta-auth-js/dist` contents to publicly hosted directory, and include a reference to the `okta-auth-js.polyfill.js` file in a `<script>` tag. It should be loaded before any other scripts which depend on the polyfill.
Expand Down

0 comments on commit 45d83aa

Please sign in to comment.