cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Raymond Camden <>
Subject CSP question
Date Sun, 24 May 2015 19:23:01 GMT
According to the HTML5 Rocks article on CSP
you can specify just the host portion. So I tried this to load jQuery
(which, I wouldn't do normally, I'd host it locally):

<meta http-equiv="Content-Security-Policy" content="default-src 'self'
data: gap: 'unsafe-eval'; style-src 'self'
'unsafe-inline'; media-src *; script-src 'self';

This does not work though. If I change it to,
it works fine. Is this simply a bug with the HTML5 Rocks article or a
misunderstanding on my part?

Raymond Camden, Developer Advocate for MobileFirst at IBM

Email :
Blog :
Twitter: raymondcamden

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message