MangooSaSa MangooSaSa - 2 months ago 84
Android Question

Refused to load the script because it violates the following Content Security Policy directive

Hi when I tried to deploy my app onto devices with android system above 5.0.0, I kept getting this kind of error messages:


07-03 18:39:21.621: D/SystemWebChromeClient(9132):
file:///android_asset/www/index.html: Line 0 : Refused to load the
script 'http://xxxxx' because it violates the following Content
Security Policy directive: "script-src 'self' 'unsafe-eval'
'unsafe-inline'". 07-03 18:39:21.621: I/chromium(9132):
[INFO:CONSOLE(0)] "Refused to load the script 'http://xxx' because it
violates the following Content Security Policy directive: "script-src
'self' 'unsafe-eval' 'unsafe-inline'".


However, if I deployed it to mobile device with android system of 4.4.x, the security policy works with default ones:

<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">


Then I thought, maybe, i should change to something like this:

<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline'; media-src *">


Basically, both option doesn't work for for me. Does anybody have an idea of how to solve this issue?

Thanks!

Answer

solved with

script-src 'self' http://xxxx 'unsafe-inline' 'unsafe-eval'; 
Comments