Rails and Cordova together - No Content-Security-Policy meta tag found

claudiocarmeli · April 19, 2016, 7:17pm

I have been stuck for over a week on something really annoying to which I am sure there must be an easy solution to but I don’t really know what to google for and cannot find the answers anywhere.

I have a simple Rails back-end serving JSON to an Ionic+Cordova+Angular front-end. The app works PERFECTLY on browsers. When I try it on the Galaxy5 also does. However, all PUT requests do send a message to the database but don’t write anything! It’s a security issue as I keep getting

No Content-Security-Policy meta tag found
However adding it does not fix it. Does anyone know WHY? I really need to fix this but have tried all things with no luck so far.

My config.xml looks like this

default-src *; 
style-src * 'unsafe-inline'; 
script-src * 'unsafe-inline'; 
media-src *;
img-src * data:;"
/>```
And I still get the same

```"No Content-Security-Policy meta tag found. Please add one when using the cordova-plugin-whitelist plugin.", source: file:///android_asset/www/plugins/cordova-plugin-whitelist/whitelist.js (26)```
I also tried to add that to my index.html but that didn't help. I know for a fact that other people are having the same issue and I am wondering if there is a simple solution to this so that I can go on with my experiments :slight_smile:

Thank you very much in advance and sorry for being long,
Kind regards,
Claudio

rapropos · April 19, 2016, 7:22pm

CSP meta tags belong in index.html, not config.xml.

claudiocarmeli · April 19, 2016, 7:23pm

Thanks, will try now

claudiocarmeli · April 19, 2016, 7:39pm

OK, Now I have:

default-src *; 
style-src * 'unsafe-inline'; 
script-src * 'unsafe-inline'; 
media-src *;
img-src * data:;"
/>```
in my index.html, inside of WWW

And

```<access origin="*"/>
<allow-intent href="*"/>
<allow-navigation href="*"/>```

in config.xml.

I am getting:

```I/chromium( 9033): [INFO:CONSOLE(26)] "No Content-Security-Policy meta tag found. Please add one when using the cordova-plugin-whitelist plugin.", source: file:///android_asset/www/plugins/cordova-plugin-whitelist/whitelist.js (26)```

```I/chromium( 9033): [INFO:CONSOLE(2)] "Ionic Core:", source: file:///android_asset/www/lib/ionic-platform-web-client/dist/ionic.io.bundle.min.js (2)```

```I/chromium( 9033): [INFO:CONSOLE(24)] "No Content-Security-Policy meta tag found. Please add one when using the cordova-plugin-whitelist plugin.", source: file:///android_asset/www/plugins/cordova-plugin-whitelist/whitelist.js (24)```

``I/chromium( 9033): [INFO:CONSOLE(35)] "[object Object]", source: file:///android_asset/www/js/services.js (35)```

```I/chromium( 9033): [INFO:CONSOLE(26)] "No Content-Security-Policy meta tag found. Please add one when using the cordova-plugin-whitelist plugin.", source: file:///android_asset/www/plugins/cordova-plugin-whitelist/whitelist.js (26)```

```D/HealthConsole(14348): Service for HealthDataConsole is connected
D/HealthConsole(16263): Service for HealthDataConsole is connected
D/HealthConsole(16714): Service for HealthDataConsole is connected```