Recently I was building a reusable places autocomplete module requireing to load script from googleapis.com. I quickly found that only for production iOS I need to add
<meta http-equiv="Content-Security-Policy"> with proper content. While I have in my backlog to address CSP properly, this time I wanted to add minimum and start to think about it as was unable to found all the info I need…
what are particular equivalent CSP values when there is no
script-srcis the default
are there CSP equivalents of cordova whitelist plugin tags in
if I want to introduce security - how to deal with inline and eval cases? are there any nonce/hash plugins available?
how to distinguish between development and production?
what should be default CSP values to start with bare ionic apps?
strict-dynamicsupported? if so how it can be used?
should the Angular Meta service work to configure this dynamically? OR maybe some better ionic/capacitor/cordova plugin/module is missing to support management of access lists?