

When I tried to deploy my app onto devices with Android system above 5.0.0 (Lollipop), I kept getting these kinds of error messages:

07-03 18:39:21.621: D/SystemWebChromeClient(9132): file:///android_asset/www/index.html: Line 0 : Refused to load the script ' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'
"Refused to load the script ' because it violates the following Content Security Policy directive: "script-src

However, if I deployed it to a mobile device with Android system of 4.4.x (KitKat), the security policy works with the default ones:

Then I thought, maybe, I should change to something like this:

Basically, both options don't work for me. How can I solve this issue?

For anyone looking for a complete explanation, I recommend you take a look at Content Security Policy. XSS attacks are based on the browser's inability to distinguish your app's code from code downloaded from another website. So you must whitelist the content origins that you consider safe to download content from, using the Content-Security-Policy HTTP header.
