Content security policy


I installed the plugin cordova-plugin-whitelist (I don’t really know why, I think because I saw some solution to an error in the forum :wink: ).

And I have that in my config.xml:

  <access origin="*"/>
  <allow-navigation href="*"/>

When I run my app on Android, I have this “Content-Security-Policy” error. But if I add this to my index.html

<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'"/>

then I get 404 erros when trying to access various things in my app.

I am confused, can you clarify this to me please ?

Run the app on an android device/emulator but append the -l and -c switched to the command (eg. ionic emulate android -l -c). That way you can see the CSP errors being outputted. Append extra protocols (the ones appearing in the error message) to the meta CSP tag until fixed.

Ok thanks a lot. For now livereload doesn’t work, but as soon it does, I’ll do this.