and understand the failure.
Thanks,
Nikhil
-Original Message-
From: Pär [mailto:p.majh...@gmail.com]
Sent: Thursday, May 21, 2015 6:24 PM
To: dev@cordova.apache.org
Subject: Re: CSP ignored when using remote content
Thanks for the reply. Yes, the CSP rules are defined by the page
@cordova.apache.org javascript:;
Subject: Re: CSP ignored when using remote content
Thanks for the reply. Yes, the CSP rules are defined by the page that
is
loaded, wherever that is. The thing is that the behavior when loading
that
page from a remote server is different from
...@gmail.com javascript:;]
Sent: Thursday, May 21, 2015 6:24 PM
To: dev@cordova.apache.org javascript:;
Subject: Re: CSP ignored when using remote content
Thanks for the reply. Yes, the CSP rules are defined by the page that
is
loaded, wherever that is. The thing is that the behavior
Message-
From: Pär [mailto:p.majh...@gmail.com]
Sent: Thursday, May 21, 2015 6:24 PM
To: dev@cordova.apache.org
Subject: Re: CSP ignored when using remote content
Thanks for the reply. Yes, the CSP rules are defined by the page that is
loaded, wherever that is. The thing is that the behavior when
When using a remote content src like content src=
http://remoteserver.com/app/index.html; the CSP rules seems to be ignored;
cross origin requests fail even with a default-src * CSP. Is this
intended behaviour or a bug?
This is the intended behavior. The csp rules are defined by the page that
is loaded, wherever it is.
Pointing content.src to a remote server basically means, ignore anything
that is in www/index.html.
@purplecabbage
risingj.com
On Thu, May 21, 2015 at 2:16 PM, Pär p.majh...@gmail.com wrote:
Thanks for the reply. Yes, the CSP rules are defined by the page that is
loaded, wherever that is. The thing is that the behavior when loading that
page from a remote server is different from the behavior when loading the
page locally, even though its the exact same page.
I have access origin=*