Developing an app on version 5 of cordova (using the phonegap framework). The latest updates request you use a Content-Security-Policy meta tag as per their documentation:
Here's my tag for the app:
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.example">
When I include this everything works fine except console.log messages do not get pushed to terminal when running "phonegap serve" (a tool provided to 'test' your app using an app pre-installed on your device).
However if i remove the tag from my code then console.log messages get pushed to terminal correctly but i can no longer make data requests to my example domain.
I've tried many variances using / as a guide but i can't get it to work correctly.
Note: This is a new facility in v5 of cordova, as previously this was all working without a problem.
Developing an app on version 5 of cordova (using the phonegap framework). The latest updates request you use a Content-Security-Policy meta tag as per their documentation: https://github./apache/cordova-plugin-whitelist
Here's my tag for the app:
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.example.">
When I include this everything works fine except console.log messages do not get pushed to terminal when running "phonegap serve" (a tool provided to 'test' your app using an app pre-installed on your device).
However if i remove the tag from my code then console.log messages get pushed to terminal correctly but i can no longer make data requests to my example. domain.
I've tried many variances using http://content-security-policy./ as a guide but i can't get it to work correctly.
Note: This is a new facility in v5 of cordova, as previously this was all working without a problem.
Share Improve this question edited Jun 16, 2015 at 12:19 Kevin S asked Jun 16, 2015 at 12:10 Kevin SKevin S 1,0771 gold badge10 silver badges19 bronze badges1 Answer
Reset to default 8Here an example of my settings in Content-Security-Policy. I don't have * in production, but then I have * replaced with all accepted locations.
Also I needed to add gap://ready for the IOS platform. Not quite sure why this needed, but when I debugged on IOS I saw that it threw an error on gap://ready.
<meta http-equiv="Content-Security-Policy" content="default-src 'self' * gap://ready; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *">
With above line my console.log() message do appear.