olivier
Reputation: 2645
http-equiv Content-Security-Policy works in browser but not on android device - IONIC
I'm developing an app with ionic and just inserted this Content-Security-Policy meta-tag.
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' fonts.googleapis.com 'unsafe-inline'; script-src 'self' code.jquery.com cdn.firebase.com www.gstatic.com maps.googleapis.com localhost:35729 apis.google.com 'unsafe-inline' 'unsafe-eval' https://domain.com">
I don't get any errors in the browser but alot on the android device. I'm using crosswalk.
No errors in chrome locally but when i inspect the app with chrome://inspect and run it on the device I get these errors:
So the Content-Security-Policy isn't working on the device at all.
What's my mistake?
Upvotes: 1
Views: 1307
Answers (1)
Lightbeard
Reputation: 4131
It appears you need an explicit URI scheme as described here:
content security policy error, but meta-tag includes URL
Thus, something like this should work:
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; script-src 'self' https://code.jquery.com https://cdn.firebase.com https://www.gstatic.com https://maps.googleapis.com localhost:35729 https://apis.google.com 'unsafe-inline' 'unsafe-eval' https://domain.com">
Upvotes: 4
Related Questions
- How to define Content-Security-Policy in Cordova properly?
- How to add Content Security Policy in index.html
- Content-Security-Policy does not work although I use a wildcard
- Ionic 2 CSP on android
- Content Security Policy cordova problems
- How to set properly "content-security-policy" for Cordova Ios/Windows Phone/Android?
- Content-Security-Policy with Ionic and Socket.IO
- Content Security Policy not working for Ionic serve
- No Content-Security-Policy meta tag found error
- content security policy error, but meta-tag includes URL