cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Frederik Braun <>
Subject Re: Suggestion: Warning about usage of patterns that conflict with the Firefox OS CSP
Date Wed, 12 Nov 2014 13:53:54 GMT
Response inline

On 12.11.2014 14:35, Michal Mocny wrote:
> We could add <meta http-equiv="Content-Security-Policy" content=".."> to
> the default template, or create a plugin that injects it automatically and
> try to get developers to install that plugin.
> This has some benefits for security of cordova apps and has been brought up
> on these lists in that context (very recently by Ian's whitelist -> plugin
> thread).

Meta CSP is quite a nice idea, yet we're unfortunately lacking support
in Firefox (and Firefox OS) so far

I was thinking that some sort of early feedback (i.e. build step
warning) could help avoiding these patterns when app developement has
*just* started.

> Finally, perhaps you can use the `vulcanize --csp` tool to externalize
> scripts automatically? (This issue applies to chrome apps, and vulcanize is
> used to solve the problem with web component inline scripts).

That's an interesting suggestion, thanks!

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message