Eric
Reputation: 10626
Cordova 5 whitelist, Content-Security-Policy and local network ip
I get this error when trying to load js files
Refused to load the script 'http://192.168.1.10/js/test.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'
What policy should I use?
This is my meta
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
And the white list in config.xml (root)
<access origin="http://192.168.1.10/*" />
<allow-navigation href="http://192.168.1.10/*" />
<allow-intent href="http://192.168.1.10/*" />
I'm building on platform cordova 5, [email protected] and testing on Android 5.1.1
Upvotes: 2
Views: 3752
Answers (1)
Eric
Reputation: 10626
Found the solution, thought I'd post; I simply forgot to add the URL to the meta.
<meta http-equiv="Content-Security-Policy"
content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://192.168.1.10">
Upvotes: 3
Related Questions
- How to define Content-Security-Policy in Cordova properly?
- cordova 10 has CORS issue with allowList
- How to configure Content Security Policy and whitelist plugin for cordova to fetch local files
- API Server CORS whitelist for Cordova App
- cordova 5.1.1 whitelist issue
- Cannot send cross domain requests with Cordova. Whitelisting doesn't work
- Whitelisting not working in Cordova 3.6.3 Android
- How to whitelist multiple domains phonegap (cordova)
- domain whitelist in cordova Android appears to be ignored
- Whitelisting in Cordova (Android)