- npm: Add script for testing embedded API

- Fix (Embedded editor): Ensure adding allowedOrigins for embedded response
- Enhancement (Embedded editor): Log if an origin is not whitelisted as sender/receiver
- Demo: Point to raw.githack for proper content-type setting and apparent CORS support; also add `xdomain-svg-editor-es.html` to set origin config and work on Git-based server

editor/embedapi.js

@@ -72,6 +72,7 @@ function messageListener (e) {
     e.source !== this.frame.contentWindow ||
     (!allowedOrigins.includes('*') && !allowedOrigins.includes(e.origin))
   ) {
+    console.log(`The origin ${e.origin} was not whitelisted as an origin from which responses may be received by this ${window.origin} script.`);
     return;
   }
   addCallback(this, data);