Conflict with CSP #175
Comments
|
Yeah, we need a websocket connection to the cordova-simulate server which is hosting the HTML, so On that point, had you explicitly disabled XHR to get the original CSP violation? |
|
Nope - it was the default CSP. |
|
This: <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *"> |
|
I was referring to the recently added ability to disable the cordova-simulate feature for XHR proxying, but I don't think we've published the version of the extension that exposes that yet, so don't worry about it. Just so you know, cordova-simulate tweaks the csp to enable these websocket connections in the first place: https://github.com/Microsoft/cordova-simulate/blob/9c002cc6b41c8e31892ea8b2e551e572972fe656/src/server/server.js#L227 Thanks for pointing this out! |
|
Not sure I got all that but sounds like yall have it covered. :) |
|
The latest release of cordova-simulate should have a fix for this, so the next release of this extension should work for you. |
|
At least once #177 gets merged, but that will be soon. |
|
Thank you. :) |
I worked with a project that the default Content Security Policy for an app. It debugged fine until I tried to connect to a remote API. I got (correctly) an error saying my CSP didn't allow for it. So I added:
connect-src https://api.github.com
But as soon as I did that, I got various CSP errors that seemed to be related to the debugger itself and the connections it needed. I ended up doing this to get things working:
connect-src ws://localhost:8000 http://localhost:8000 https://api.github.com
Perhaps the readme should mention this as I think others will run into it as well.
The text was updated successfully, but these errors were encountered: