Geek Answers Handbook

Using Cordoba 5.0.0 Google Maps with Content Security Policy

I am creating a Cordova application for Android using Cordova 5.0.0. and I use Google Maps without a plugin, and it should be without a plugin. I include this script and meta tag. In addition, Cordova uses the whitelist plugin.

<!-- Meta tag --> <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'"> <!-- Google Maps--> <script type="text/javascript" src="https://maps.googleapis.com/maps/api/js?sensor=true"></script>

he gives me this error:

  Refused to load the script 'https://maps.googleapis.com/maps/api/js?sensor=true' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'".
+5
source share
4 answers

try this block to remove this error.

 <meta http-equiv="Content-Security-Policy" content=" default-src 'self' data: gap: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' 'unsafe-eval' *; media-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-srv 'self' 'unsafe-inline' 'unsafe-eval' * ">
+2
source

Try using the following content security policy:

 <meta http-equiv="Content-Security-Policy" content=" default-src 'self' data: gap: https://ssl.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://*.googleapis.com; style-src 'self' 'unsafe-inline'; media-src *">

Google maps need the rules defined for script -src, as described above, with "insecure-inline", "insecure-eval" .; )

+11
source

You need to add the <allow-navigation> tags to your config.xml file if you want to allow navigation for other URLs. The following should work:

 <access origin="*" /> <allow-navigation href="*" /> <allow-intent href="*" />

As a cautious word, the <allow-intent> connects the entire network using HTTP and HTTPS, which may not be the way you want it in a production environment. You can check the documentation for more information. Otherwise, if you have other security blocks, you may need to remove them, as they may block Google Maps.

0
source

The previous message, but after a few ticks, the one that worked for me was found.

 <meta http-equiv="Content-Security-Policy" content="default-src 'self' data gap https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com 'unsafe-inline' 'unsafe-eval'; media-src *">
0
source

More articles:


All Articles