[jira] [Comment Edited] (CB-9133) CDVFILE NOT WORKING???

[Michael Romanovsky (JIRA)]

    [ 
https://issues.apache.org/jira/browse/CB-9133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15054854#comment-15054854
 ] 

Michael Romanovsky edited comment on CB-9133 at 12/13/15 8:20 AM:
------------------------------------------------------------------

I don't know but there hasn't been any movement on the github end.

The main thing here is that I still don't understand the whole idea behind the 
whitelist-by-default. When I posted, it killed cdvfile:// and some other 
things, which is just ridiculous, since IMO that's a pretty critical function 
of Cordova that should not be turned off by default and shouldn't require any 
sort of digging or tweaking to enable. But I am wary of getting into a 
philosophical debate on that.


was (Author: agamemnus):
I don't know but there hasn't been any movement on the github end.

The main thing here is that I still don't understand the whole idea behind the 
whitelist-by-default. When I posted, it killed cdvfile:// and some other 
things, which is just ridiculous, since IMO that's a pretty critical function 
of Cordova that should not be turned off by default. But I am wary of getting 
into a philosophical debate on that.

> CDVFILE NOT WORKING???
> ----------------------
>
>                 Key: CB-9133
>                 URL: https://issues.apache.org/jira/browse/CB-9133
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Plugin Whitelist
>            Reporter: Michael Romanovsky
>            Assignee: Sergey Shakhnazarov
>            Priority: Critical
>
> I used the instructions here:
> https://github.com/apache/cordova-plugin-whitelist
> I have this in my config.xml file:
>     <access origin="*" />
>     <allow-navigation href="*" />
>     <allow-intent href="*" />
> I have this in my .HTML file:
> <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 
> 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
> I get these errors:
> Refused to load the script 'http://d3aq14vri881or.cloudfront.net/kiip.js' 
> because it violates the following Content Security Policy directive: 
> "script-src 'self' 'unsafe-inline' 'unsafe-eval'".
> Refused to load the script 'cdvfile://localhost/persistent/free.min.js' 
> because it violates the following Content Security Policy directive: 
> "script-src 'self' 'unsafe-inline' 'unsafe-eval'".
> HELP?!



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org