admin管理员组文章数量:1326508
i have tried many ways of loading google maps and firebaseio without success: this is what i have now:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: ;
script-src 'self' /* 'unsafe-inline' 'unsafe-eval';
style-src 'self' 'unsafe-inline';">
and i get:
Refused to load the script '' because it violates the following Content Security Policy directive: "script-src 'self' /* 'unsafe-inline' 'unsafe-eval'".
Refused to load the script '/.lp?start=t&ser=79549912&cb=1&v=5' because it violates the following Content Security Policy directive: "script-src 'self' /* 'unsafe-inline' 'unsafe-eval'".
any ideas what am i doing wrong?
i have tried many ways of loading google maps and firebaseio without success: this is what i have now:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com;
script-src 'self' https://maps.googleapis.com/* 'unsafe-inline' 'unsafe-eval';
style-src 'self' 'unsafe-inline';">
and i get:
Refused to load the script 'https://maps.googleapis.com/maps/api/js?libraries=places' because it violates the following Content Security Policy directive: "script-src 'self' https://maps.googleapis.com/* 'unsafe-inline' 'unsafe-eval'".
Refused to load the script 'https://test.firebaseio.com/.lp?start=t&ser=79549912&cb=1&v=5' because it violates the following Content Security Policy directive: "script-src 'self' https://maps.googleapis.com/* 'unsafe-inline' 'unsafe-eval'".
any ideas what am i doing wrong?
Share Improve this question asked Jul 11, 2015 at 7:36 PatrioticcowPatrioticcow 27k76 gold badges220 silver badges339 bronze badges 3 |2 Answers
Reset to default 20this did the trick :)
<meta http-equiv="Content-Security-Policy"
content="default-src *;
script-src 'self' 'unsafe-inline' 'unsafe-eval'
127.0.0.1:*
http://*.google.com
http://*.gstatic.com
http://*.googleapis.com
http://*.firebaseio.com
https://*.google.com
https://*.gstatic.com
https://*.googleapis.com
https://*.firebaseio.com
;
style-src 'self' 'unsafe-inline'
127.0.0.1
http://*.google.com
http://*.gstatic.com
http://*.googleapis.com
http://*.firebaseio.com
https://*.google.com
https://*.gstatic.com
https://*.googleapis.com
https://*.firebaseio.com
">
and the google script <script src="https://maps-api-ssl.google.com/maps/api/js?libraries=places"></script>
for development without any restrictions use:
<meta http-equiv="Content-Security-Policy"
content="default-src * 'unsafe-eval' 'unsafe-inline'">
本文标签:
版权声明:本文标题:javascript - phonegap + ionic using Content-Security-Policy to load maps.googleapis.com, how to? - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1739260704a2155353.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
'https://maps.googleapis.com/*'rather thanhttps://maps.googleapis.com/*– Sushant Commented Jul 11, 2015 at 7:38The source list for Content Security Policy directive 'script-src' contains an invalid source: ''https://maps.googleapis.com/*''. It will be ignored.– Patrioticcow Commented Jul 11, 2015 at 7:42https://maps.googleapis.comis what you're trying to accomplish. – oreoshake Commented Sep 3, 2015 at 18:36