[ https://issues.apache.org/jira/browse/CB-9133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15054854#comment-15054854 ]
Michael Romanovsky commented on CB-9133: ---------------------------------------- I don't know but there hasn't been any movement on the github end. The main thing here is that I still don't understand the whole idea behind the whitelist-by-default. When I posted, it killed cdvfile:// and some other things, which is just ridiculous, since IMO that's a pretty critical function of Cordova that should not be turned off by default. But I am wary of getting into a philosophical debate on that. > CDVFILE NOT WORKING??? > ---------------------- > > Key: CB-9133 > URL: https://issues.apache.org/jira/browse/CB-9133 > Project: Apache Cordova > Issue Type: Bug > Components: Plugin Whitelist > Reporter: Michael Romanovsky > Assignee: Sergey Shakhnazarov > Priority: Critical > > I used the instructions here: > https://github.com/apache/cordova-plugin-whitelist > I have this in my config.xml file: > <access origin="*" /> > <allow-navigation href="*" /> > <allow-intent href="*" /> > I have this in my .HTML file: > <meta http-equiv="Content-Security-Policy" content="default-src *; style-src > 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'"> > I get these errors: > Refused to load the script 'http://d3aq14vri881or.cloudfront.net/kiip.js' > because it violates the following Content Security Policy directive: > "script-src 'self' 'unsafe-inline' 'unsafe-eval'". > Refused to load the script 'cdvfile://localhost/persistent/free.min.js' > because it violates the following Content Security Policy directive: > "script-src 'self' 'unsafe-inline' 'unsafe-eval'". > HELP?! -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org