This repository has been archived by the owner on Apr 11, 2022. It is now read-only.

Problem with csp #808

Open

ghost opened this issue Mar 8, 2019 · 0 comments

ghost commented Mar 8, 2019 •

edited by ghost

[Phonegap 8.2.2, node 10.14.2 and npm 6.4.1]

Hi
This is my csp info in index.html:

<meta http-equiv="Content-Security-Policy"
      content="default-src *; font-src 'self' data:;
      img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;
         style-src  'self' 'unsafe-inline' *;"/>

When I serve using phonegap, it adds the following CSP:

<meta http-equiv="Content-Security-Policy" content="default-src * gap: ws: https://ssl.gstatic.com;img-src * 'self' data: content:;style-src 'self' 'unsafe-inline' data: blob:;script-src * 'unsafe-inline' 'unsafe-eval' data: blob:;">

I can successfully run the app on my device and emulator.
But when I serve it with phonegap, everything gets ruined.

How can I prevent phonegap from automatically adding this CSP?

The text was updated successfully, but these errors were encountered:

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.