Another CSP comment tweak
agrieve committed Mar 12, 2015
1 parent db67268 commit c7253f1
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions www/index.html
Expand Up @@ -25,8 +25,9 @@
Some notes:
* gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
* https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
* To enable use of inline JS, add 'unsafe-inline' to default-src
* To enable use of eval(), add 'unsafe-eval' to default-src
* Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
* Enable inline JS: add 'unsafe-inline' to default-src
* Enable eval(): add 'unsafe-eval' to default-src
-->
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
<meta name="format-detection" content="telephone=no">
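Review bot: The added "Enable inline JS" and "Enable eval()" items tell the reader to put 'unsafe-inline' and 'unsafe-eval' on default-src, which is the fallback for every fetch directive the policy does not list. Suggest the comment point at a dedicated script-src directive instead, and mention that script-src must then repeat the sources scripts need (such as 'self'), because once it is present it no longer falls back to default-src. It would also help to state in those two items that either keyword gives up the XSS mitigation the new parent line describes. Separately, the notes explain gap: and https://ssl.gstatic.com but not why the policy carries style-src 'unsafe-inline' and media-src *; one line for each would complete the list.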
