You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cordova.apache.org by no...@apache.org on 2022/02/01 20:55:02 UTC

[cordova-docs] branch master updated: doc(ios): remove gap from CSP (#1219)

This is an automated email from the ASF dual-hosted git repository.

normanbreau pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cordova-docs.git


The following commit(s) were added to refs/heads/master by this push:
     new f35040f  doc(ios): remove gap from CSP (#1219)
f35040f is described below

commit f35040f8be95c3c6aee814146c128d6108cb02d4
Author: Mosab A <47...@users.noreply.github.com>
AuthorDate: Tue Feb 1 22:54:56 2022 +0200

    doc(ios): remove gap from CSP (#1219)
---
 www/docs/en/dev/guide/appdev/allowlist/index.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/www/docs/en/dev/guide/appdev/allowlist/index.md b/www/docs/en/dev/guide/appdev/allowlist/index.md
index ec3fd12..688a869 100644
--- a/www/docs/en/dev/guide/appdev/allowlist/index.md
+++ b/www/docs/en/dev/guide/appdev/allowlist/index.md
@@ -149,13 +149,12 @@ Here are some example CSP declarations for your `.html` pages:
 
 ```html
 <!-- Good default declaration:
-    * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
     * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
     * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
         * Enable inline JS: add 'unsafe-inline' to default-src
         * Enable eval(): add 'unsafe-eval' to default-src
 -->
-<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
+<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
 
 <!-- Allow everything but only from the same origin and foo.com -->
 <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org