@zealous Actually, there are none 🙂 You can even deploy the application on a file url. In case of an HTTP url, only the ability to do HTTP GET is needed. It also supports BASIC auth for the downloaded resources, but in my opinion security is better handled in the app/app API.