Open ghost opened 5 years ago
[Phonegap 8.2.2, node 10.14.2 and npm 6.4.1]
Hi This is my csp info in index.html:
<meta http-equiv="Content-Security-Policy" content="default-src *; font-src 'self' data:; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *;"/>
When I serve using phonegap, it adds the following CSP:
<meta http-equiv="Content-Security-Policy" content="default-src * gap: ws: https://ssl.gstatic.com;img-src * 'self' data: content:;style-src 'self' 'unsafe-inline' data: blob:;script-src * 'unsafe-inline' 'unsafe-eval' data: blob:;">
I can successfully run the app on my device and emulator. But when I serve it with phonegap, everything gets ruined.
How can I prevent phonegap from automatically adding this CSP?
[Phonegap 8.2.2, node 10.14.2 and npm 6.4.1]
Hi This is my csp info in index.html:
When I serve using phonegap, it adds the following CSP:
I can successfully run the app on my device and emulator. But when I serve it with phonegap, everything gets ruined.
How can I prevent phonegap from automatically adding this CSP?