- npm: Add script for testing embedded API

- Fix (Embedded editor): Ensure adding allowedOrigins for embedded response
- Enhancement (Embedded editor): Log if an origin is not whitelisted as sender/receiver
- Demo: Point to raw.githack for proper content-type setting and apparent CORS support; also add `xdomain-svg-editor-es.html` to set origin config and work on Git-based server

editor/embedapi-dom.js

@@ -65,14 +65,17 @@ $('#save').click(saveSvg);
 $('#exportPNG').click(exportPNG);
 $('#exportPDF').click(exportPDF);
 
-const iframe = $('<iframe src="svg-editor.html?extensions=ext-xdomain-messaging.js' +
+const frameBase = 'https://raw.githack.com/SVG-Edit/svgedit/master';
+// const frameBase = 'http://localhost:8001';
+const framePath = '/editor/xdomain-svg-editor-es.html?extensions=ext-xdomain-messaging.js';
+const iframe = $(`<iframe src="${frameBase}${framePath}` +
   (location.href.includes('?')
     ? location.href.replace(/\?(.*)$/, '&$1')
     : '') + // Append arguments to this file onto the iframe
   '" width="900px" height="600px" id="svgedit""></iframe>'
 );
 iframe[0].addEventListener('load', function () {
-  svgCanvas = new EmbeddedSVGEdit(frame);
+  svgCanvas = new EmbeddedSVGEdit(frame, [frameBase]);
   // Hide main button, as we will be controlling new, load, save, etc. from the host document
   let doc;
   try {