Posted to commits@cordova.apache.org by no...@apache.org on 2022/02/01 20:55:02 UTC
[cordova-docs] branch master updated: doc(ios): remove gap from CSP (#1219)
This is an automated email from the ASF dual-hosted git repository.
normanbreau pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cordova-docs.git
The following commit(s) were added to refs/heads/master by this push:
new f35040f doc(ios): remove gap from CSP (#1219)
f35040f is described below
commit f35040f8be95c3c6aee814146c128d6108cb02d4
Author: Mosab A <47...@users.noreply.github.com>
AuthorDate: Tue Feb 1 22:54:56 2022 +0200
doc(ios): remove gap from CSP (#1219)
---
www/docs/en/dev/guide/appdev/allowlist/index.md | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/www/docs/en/dev/guide/appdev/allowlist/index.md b/www/docs/en/dev/guide/appdev/allowlist/index.md
index ec3fd12..688a869 100644
--- a/www/docs/en/dev/guide/appdev/allowlist/index.md
+++ b/www/docs/en/dev/guide/appdev/allowlist/index.md
@@ -149,13 +149,12 @@ Here are some example CSP declarations for your `.html` pages:
```html
<!-- Good default declaration:
- * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
* https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
* Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
* Enable inline JS: add 'unsafe-inline' to default-src
* Enable eval(): add 'unsafe-eval' to default-src
-->
-<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
+<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
<!-- Allow everything but only from the same origin and foo.com -->
<meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
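Review bot: the comment block at the top of the hunk drops the `gap:` bullet without leaving any guidance for readers whose iOS build still uses UIWebView, which the removed line says needs `gap:` for JS->native communication. Consider keeping a one-line note that `gap:` is only needed on such builds, or naming the platform version from which it is unnecessary, so that someone copying the new `default-src 'self' data: https://ssl.gstatic.com` policy into an older project knows to add the scheme back. Narrowing `default-src` is otherwise the right direction for the default example; the commit message would also benefit from a sentence on why the scheme is no longer required.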