Phonegap + ionic using Content-Security-Policy to download maps.googleapis.com, how?

Question

Phonegap + ionic using Content-Security-Policy to download maps.googleapis.com, how?

I tried many ways to download google and firebaseio maps without success: this is what I have now:

<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com;
  script-src 'self' https://maps.googleapis.com/* 'unsafe-inline' 'unsafe-eval';
  style-src 'self' 'unsafe-inline';">

and I get:

Refused to load the script 'https://maps.googleapis.com/maps/api/js?libraries=places' because it violates the following Content Security Policy directive: "script-src 'self' https://maps.googleapis.com/* 'unsafe-inline' 'unsafe-eval'".

Refused to load the script 'https://test.firebaseio.com/.lp?start=t&ser=79549912&cb=1&v=5' because it violates the following Content Security Policy directive: "script-src 'self' https://maps.googleapis.com/* 'unsafe-inline' 'unsafe-eval'".

Any ideas what I am doing wrong?

+4

javascript google-maps content-security-policy firebase phonegap-plugins

Patrioticcow Jul 11 '15 at 7:36

source share

2 answers

for development without any restrictions:

<meta http-equiv="Content-Security-Policy" 
      content="default-src * 'unsafe-eval' 'unsafe-inline'">

+1

dimention Jul 13 '15 at 21:04

source share

Patrioticcow · Accepted Answer · 2015-07-11T08:40:19+0000

it did the trick :)

<meta http-equiv="Content-Security-Policy"
          content="default-src *;
               script-src 'self' 'unsafe-inline' 'unsafe-eval'
                           127.0.0.1:*
                           http://*.google.com
                           http://*.gstatic.com
                           http://*.googleapis.com
                           http://*.firebaseio.com
                           https://*.google.com
                           https://*.gstatic.com
                           https://*.googleapis.com
                           https://*.firebaseio.com
                           ;
               style-src  'self' 'unsafe-inline'
                          127.0.0.1
                           http://*.google.com
                           http://*.gstatic.com
                           http://*.googleapis.com
                           http://*.firebaseio.com
                           https://*.google.com
                           https://*.gstatic.com
                           https://*.googleapis.com
                           https://*.firebaseio.com
">

and google script <script src="https://maps-api-ssl.google.com/maps/api/js?libraries=places"></script>

Phonegap + ionic using Content-Security-Policy to download maps.googleapis.com, how?

More articles: