16

Finally get Android stuido to work with the cordova-android 4.0 but i read that we must install the whitelist plugin but i dont know how to configure this plugin to work with cordova-android 4.0. i got error messasges as below

04-13 16:30:31.291      856-856/com.vs.VSMF W/Web Console﹕ No Content-    Security-Policy meta tag found. Please add one when using the cordova-plugin-whitelist plugin. at file:///android_asset/www/plugins/cordova-plugin-whitelist/whitelist.js:25
04-13 16:30:41.290      856-856/com.vs.VSMF D/SystemWebChromeClient﹕ file:///android_asset/www/plugins/cordova-plugin-whitelist/whitelist.js: Line 25 : No Content-Security-Policy meta tag found. Please add one when using the cordova-plugin-whitelist plugin.

It seems to be something wrong with the configure.xml 

<?xml version="1.0" encoding="UTF-8"?>


<widget xmlns     = "http://www.w3.org/ns/widgets"
    xmlns:gap = "http://phonegap.com/ns/1.0"
    id        = "com.vs.VSMF"
    version   = "1.0.0">

<name>VSMF</name>

<description>
    VSMF project template.
</description>

<author href="" email="dong_dh@hotmail.com">
    Hua Dong
</author>

<!--
    Enable individual API permissions here.
    The "device" permission is required for the 'deviceready' event.
-->
<feature name="http://api.phonegap.com/1.0/device" />

<!--
    If you do not want any permissions to be added to your app, add the
    following tag to your config.xml; you will still have the INTERNET
    permission on your app, which PhoneGap requires.
-->
<preference name="permissions"                value="none"/>


<preference name="orientation"                value="default" />    
<preference name="target-device"              value="universal" />    
<preference name="fullscreen"                 value="true" />          
<preference name="disallowOverscroll"         value="true" />
<preference name="webviewbounce"              value="false" />        
<preference name="prerendered-icon"           value="true" />          
<preference name="stay-in-webview"            value="false" />         
<preference name="ios-statusbarstyle"         value="black-opaque" />   
<preference name="detect-data-types"          value="true" />           
<preference name="exit-on-suspend"            value="false" />          
<preference name="show-splash-screen-spinner" value="true" />          
<preference name="auto-hide-splash-screen"    value="false" />           
<preference name="AutoHideSplashScreen" value="false" />
<preference name="SplashScreenDelay"          value="60000" />
<preference name="disable-cursor"             value="false" />         
<preference name="android-minSdkVersion"      value="17" />              
<preference name="android-installLocation"    value="auto" />          
<preference name="iosExtraFilesystems" value="library,library     nosync,documents,documents-nosync,cache,bundle,root" />
<preference name="iosPersistentFileLocation" value="Library" />
<preference name="AndroidExtraFilesystems" value="files,files-external,documents,sdcard,cache,cache-external,root" />
<preference name="AndroidPersistentFileLocation" value="Internal" />

<gap:plugin name="org.apache.cordova.console" />
<gap:plugin name="org.apache.cordova.network-information" />

<!-- Define app icon for each platform. -->
<icon src="icon.png" />
<icon src="res/icon/android/icon-36-ldpi.png"   gap:platform="android"    gap:density="ldpi" />
<icon src="res/icon/android/icon-48-mdpi.png"   gap:platform="android"    gap:density="mdpi" />
<icon src="res/icon/android/icon-72-hdpi.png"   gap:platform="android"    gap:density="hdpi" />
<icon src="res/icon/android/icon-96-xhdpi.png"  gap:platform="android"    gap:density="xhdpi" />
<icon src="res/icon/blackberry/icon-80.png"     gap:platform="blackberry" />
<icon src="res/icon/blackberry/icon-80.png"     gap:platform="blackberry" gap:state="hover"/>
<icon src="res/icon/ios/icon-57.png"            gap:platform="ios"        width="57" height="57" />
<icon src="res/icon/ios/icon-72.png"            gap:platform="ios"        width="72" height="72" />
<icon src="res/icon/ios/icon-57-2x.png"         gap:platform="ios"        width="114" height="114" />
<icon src="res/icon/ios/icon-72-2x.png"         gap:platform="ios"        width="144" height="144" />
<icon src="res/icon/webos/icon-64.png"          gap:platform="webos" />
<icon src="res/icon/windows-phone/icon-48.png"  gap:platform="winphone" />
<icon src="res/icon/windows-phone/icon-173.png" gap:platform="winphone"   gap:role="background" />

<!-- Define app splash screen for each platform. -->
<gap:splash src="res/screen/android/screen-ldpi-portrait.png"  gap:platform="android" gap:density="ldpi" />
<gap:splash src="res/screen/android/screen-mdpi-portrait.png"  gap:platform="android" gap:density="mdpi" />
<gap:splash src="res/screen/android/screen-hdpi-portrait.png"  gap:platform="android" gap:density="hdpi" />
<gap:splash src="res/screen/android/screen-xhdpi-portrait.png" gap:platform="android" gap:density="xhdpi" />
<gap:splash src="res/screen/blackberry/screen-225.png"         gap:platform="blackberry" />
<gap:splash src="res/screen/ios/screen-iphone-portrait.png"    gap:platform="ios"     width="320" height="480" />
<gap:splash src="res/screen/ios/screen-iphone-portrait-2x.png" gap:platform="ios"     width="640" height="960" />
<gap:splash src="res/screen/ios/screen-ipad-portrait.png"      gap:platform="ios"     width="768" height="1024" />
<gap:splash src="res/screen/ios/screen-ipad-landscape.png"     gap:platform="ios"     width="1024" height="768" />
<gap:splash src="res/screen/windows-phone/screen-portrait.jpg" gap:platform="winphone" />


<access origin="*" launch-external="yes"/> <!-- allow local pages -->

</widget>
Steven de Salas
  • 20,944
  • 9
  • 74
  • 82
Ming Zhao
  • 241
  • 2
  • 3
  • 8

1 Answers1

51

Seems to be complaining about the lack of meta tag for Content-Security-Policy, make sure you have one in your index.html

<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
    ...

See:

https://github.com/apache/cordova-plugin-whitelist#content-security-policy

Jo Liss
  • 30,333
  • 19
  • 121
  • 170
Steven de Salas
  • 20,944
  • 9
  • 74
  • 82
  • 1
    I have a CSP tag in my index (which is being adhered to by the browser) but weirdly my console is still full of the "No Content-Security-Policy..." messages. – Chris Rae May 19 '15 at 17:00
  • 9
    Pro-tip: When trying to debug the "No Content-Security-Policy" messages, make sure that there's not another app running in the background on the same device which has no CSP metadata in it. – Chris Rae May 19 '15 at 17:56
  • 1
    Just to document, when I added this metatag, livereload breaks (Refused to load the script 'http://192.168.10.21:35730/livereload.js?snipver=1' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'). – Christian Benseler Aug 10 '15 at 13:17
  • Hi Chris, You'll have to work out the right combination of permissions (which scripts the page is allowed to load). Thats what the meta tag is for. See http://stackoverflow.com/questions/30280370/how-does-content-security-policy-work for more info. – Steven de Salas Aug 12 '15 at 01:29
  • Exactly what I needed! – Vidul Sep 07 '15 at 18:40
  • Google maps are not working if i add this in index.html. ERROR : Refused to load the script `https://maps.googleapis.com/maps/api/js?v=3.exp&libraries=places` because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval'". – Rajeshwar Oct 02 '15 at 15:22
  • Hi @Rajeshwar, as I mentioned to Chris, you'll have to work out the right combination of `Content-Security-Policy` permissions for your app. See other answers such as http://stackoverflow.com/questions/30280370/how-does-content-security-policy-work that deal with this tag more in depth. – Steven de Salas Oct 03 '15 at 02:23