Context
routes/embed.js exists; partners want to embed live campaign stats/leaderboards on their own sites.
A safe, versioned embeddable widget extends reach.
Scope
- Sandboxed iframe widget (leaderboard, progress, CTA) with a stable, versioned embed API.
- CSP/frame-ancestors controls; theming params; no PII leakage.
- Caching + rate limiting for embed traffic.
Acceptance criteria
- Partners embed a themeable, sandboxed widget that updates live and is version-pinned.
Verification
- Embed renders cross-origin within CSP; version bump doesn't break existing embeds.
Context
routes/embed.jsexists; partners want to embed live campaign stats/leaderboards on their own sites.A safe, versioned embeddable widget extends reach.
Scope
Acceptance criteria
Verification