You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by "Jerome Lambert (JIRA)" <ji...@apache.org> on 2015/08/14 11:38:45 UTC
[jira] [Commented] (CB-9277) CSP error in processMessage
(cordova.js:1072)
[ https://issues.apache.org/jira/browse/CB-9277?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14696765#comment-14696765 ]
Jerome Lambert commented on CB-9277:
------------------------------------
I have the same issue but I'm not able to determine which plugin is source of use the deprecated method.
Here's my plugin list:
android.support.v4 21.0.1 "Android Support v4"
com.google.playservices 21.0.0 "Google Play Services for Android"
com.ionic.keyboard 1.0.4 "Keyboard"
cordova-plugin-camera 1.2.0 "Camera"
cordova-plugin-console 1.0.1 "Console"
cordova-plugin-device 1.0.1 "Device"
cordova-plugin-file 2.1.0 "File"
cordova-plugin-geolocation 1.0.1 "Geolocation"
cordova-plugin-globalization 1.0.2-dev "Globalization"
cordova-plugin-network-information 1.0.1 "Network Information"
cordova-plugin-splashscreen 2.1.0 "Splashscreen"
cordova-plugin-statusbar 1.0.1 "StatusBar"
cordova-plugin-whitelist 1.0.0 "Whitelist"
nl.x-services.plugins.toast 2.0.4 "Toast"
plugin.google.maps 1.2.4 "phonegap-googlemaps-plugin"
plugin.http.request 1.0.0 "phonegap-http-request"
How to determine which plugin is source of the issue ?
Here's console log:
Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self' http://ws.tectime.be http://www.infotec.be data: gap: https://ssl.gstatic.com".
processMessage @ cordova.js:1073processMessages @ cordova.js:1107pollOnce @ cordova.js:976pollOnceFromOnlineEvent @ cordova.js:963
> CSP error in processMessage (cordova.js:1072)
> ---------------------------------------------
>
> Key: CB-9277
> URL: https://issues.apache.org/jira/browse/CB-9277
> Project: Apache Cordova
> Issue Type: Bug
> Components: Android
> Affects Versions: 3.5.0
> Environment: CCA 0.7.1 with cordova com.chariotsolutions.nfc.plugin
> Reporter: Morille Jerome
>
> With CCA 0.7.1 during processing NFC message with the plugins
> {code}
> <plugin name="com.chariotsolutions.nfc.plugin" spec="^0.6.2"/>
> {code}
> the call of the plugin function (and when passing the nfc tags)
> {code}
> nfc.addNdefListener(onNfcEvent,onSuccess, onFailure );
> {code}
> the error is raised
> {code}
> Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src file: data: chrome-extension: https://ssl.gstatic.com".
> processMessage @ cordova.js:1070
> processMessages @ cordova.js:1104
> pollOnce @ cordova.js:973
> pollOnceFromOnlineEvent
> {code}
> The problem is writing directly in the code source of the following file
> n the file https://github.com/apache/cordova-android/blob/4bf705a3d39b34400388265381a9975b246e3779/bin/templates/project/assets/www/cordova.js
> line 1073 we have the eval that cause the bugs.. (like writted in the code)
> {code}
> function processMessage(message) {
> var firstChar = message.charAt(0);
> if (firstChar == 'J') {
> // This is deprecated on the .java side. It doesn't work with CSP enabled.
> eval(message.slice(1));
> } else if (firstChar == 'S' || firstChar == 'F') {
> var success = firstChar == 'S';
> var keepCallback = message.charAt(1) == '1';
> var spaceIdx = message.indexOf(' ', 2);
> var status = +message.slice(2, spaceIdx);
> var nextSpaceIdx = message.indexOf(' ', spaceIdx + 1);
> var callbackId = message.slice(spaceIdx + 1, nextSpaceIdx);
> var payloadMessage = message.slice(nextSpaceIdx + 1);
> var payload = [];
> buildPayload(payload, payloadMessage);
> cordova.callbackFromNative(callbackId, success, status, payload, keepCallback);
> } else {
> console.log("processMessage failed: invalid message: " + JSON.stringify(message));
> }
> }
> {code}
> please correct this code
> {code}
> // This is deprecated on the .java side. It doesn't work with CSP enabled.
> eval(message.slice(1));
> {code}
> https://github.com/MobileChromeApps/mobile-chrome-apps/issues/584
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org