Posted to commits@cordova.apache.org by ag...@apache.org on 2015/03/12 18:35:06 UTC

cordova-app-hello-world git commit: Remove path from CSP string (since CSP ignores paths). Add CSP rationale within comment

Repository: cordova-app-hello-world
Updated Branches:
  refs/heads/master 18fc9b4ea -> db672689d


Remove path from CSP string (since CSP ignores paths). Add CSP rationale within comment


Project: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/commit/db672689
Tree: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/tree/db672689
Diff: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/diff/db672689

Branch: refs/heads/master
Commit: db672689d35420f8cf508377b8d339eb231e283a
Parents: 18fc9b4
Author: Andrew Grieve <ag...@chromium.org>
Authored: Thu Mar 12 13:33:29 2015 -0400
Committer: Andrew Grieve <ag...@chromium.org>
Committed: Thu Mar 12 13:34:57 2015 -0400

----------------------------------------------------------------------
 www/index.html | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/blob/db672689/www/index.html
----------------------------------------------------------------------
diff --git a/www/index.html b/www/index.html
index 0f091de..c67c617 100644
--- a/www/index.html
+++ b/www/index.html
@@ -19,7 +19,16 @@
 -->
 <html>
     <head>
-        <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com/accessibility/javascript/android/; style-src 'self' 'unsafe-inline'; media-src *">
+        <!--
+        Customize this policy to fit your own app's needs. For more guidance, see:
+            https://github.com/apache/cordova-plugin-whitelist/blob/master/README.md#content-security-policy
+        Some notes:
+            * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
+            * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
+            * To enable use of inline JS, add 'unsafe-inline' to default-src
+            * To enable use of eval(), add 'unsafe-eval' to default-src
+        -->
+        <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
         <meta name="format-detection" content="telephone=no">
         <meta name="msapplication-tap-highlight" content="no">
         <meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width">
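
Review bot: On the new Content-Security-Policy meta line, dropping the path turns the TalkBack entry into the whole host `https://ssl.gstatic.com`, and since the policy has no `script-src`, `default-src` is what governs script loads from that host. Webviews that implement CSP Level 2 do match paths in source expressions, so on those the old `/accessibility/javascript/android/` entry was narrower. Consider keeping the path, or saying in the comment that the whole host is allowed. The two comment notes on 'unsafe-inline' and 'unsafe-eval' would also be safer if they pointed at a dedicated `script-src` directive (repeating 'self' and the other script sources there) instead of `default-src`, so the relaxation does not reach every resource type that falls back to `default-src`.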

