+
1 1 1
  1. #1
    Status
    Offline
      Rise Company
    Engineering and Technology
    Apr 2014
    Egypt
    4,611
    10

    CSP Content Security Policy -


    Whitelist Blocking CSP Content Security Policy -
    Phone Gap / Cordova

    CSP / / /

    plugin function !!!

    api index.html index.js

    Meta

    :
    <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data: content:;">
    :
    3 ,



    :
    <!--
            Customize this policy to fit your own app's needs. For more guidance, see:
                https://github.com/apache/cordova-plugin-whitelist/blob/master/README.md#content-security-policy
            Some notes:
                * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
                * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
                * Disables use of inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
                    * Enable inline JS: add 'unsafe-inline' to default-src
            -->
    / :

    :
    <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data: content:;">

    self
    res

    unsafe-inline
    res

    unsafe-eval



    gap


    https://ssl.gstatic.com
    TalkBack (accessibility)

    :




    :
       script-src * 'unsafe-inline';


    :
    <meta http-equiv="Content-Security-Policy" content="
        default-src *; 
        style-src * 'unsafe-inline'; 
        script-src * 'unsafe-inline'; 
        media-src *; img-src * data:; 
    " />


    .

    This policy allows images, scripts, AJAX, and CSS from the same origin, and does not allow any other resources to load (eg object, frame, media, etc).
    :
    https://content-security-policy.com/


    ------------------------------------------------------------------------
    Rise Company for Engineering & Technology
    ------------------------------------------------------------------------
    Web Hosting | Web Designing | E-Marketing

    # 1 Business Services

    Web Hosting - Business Emails

    Web Design - Google Adwords

    www.rise.company | www.rise.company/emails

    :
    ! .



  1. Cordova/Phonegap
    Rise Company Ionic/Cordova
    : 0
    : 16-07-2017, 01:06
  2. Phone Gap / Cordova 60
    Rise Company Ionic/Cordova
    : 0
    : 27-06-2017, 23:00
  3. wp security All in one WP security
    Rise Company WordPress
    : 0
    : 12-06-2017, 18:53
  4. ESET Smart Security 4.2.22.0 Beta
    Eng Amr Adel Rise Computer
    : 0
    : 22-12-2009, 22:35
  5. ESET Smart Security 4.2.22.0 Beta
    Eng Amr Adel Rise Computer
    : 0
    : 22-12-2009, 21:35