"No Content-Security-Policy meta tag found." error in my phonegap application
After update Cordova 5.0 in my system, I create new applications. When I tested my application on a device that time I get an error in the console log:
No Content-Security-Policy meta tag found.
Please add one when using the Cordova-plugin-whitelist plugin.: 23.
I add meta in the head section
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src: 'self' 'unsafe-inline' 'unsafe-eval'>
But again, I got the same error, in the application I use in-app browser plugin and 7 of other website links.
Answer
After adding the cordova-plugin-whitelist, you must tell your application to allow access all the web-page links or specific links, if you want to keep it specific.
You can simply add this to your config.xml, which can be found in your application's root directory:
Recommended in the documentation:
<allow-navigation href="http://example.com/*" />
or:
<allow-navigation href="http://*/*" />
From the plugin's documentation:
Navigation Whitelist
Controls which URLs the WebView itself can be navigated to. Applies to top-level navigations only.
Quirks: on Android it also applies to iframes for non-http(s) schemes.
By default, navigations only to file:// URLs, are allowed. To allow other other URLs, you must add tags to your config.xml:
<!-- Allow links to example.com --> <allow-navigation href="http://example.com/*" /> <!-- Wildcards are allowed for the protocol, as a prefix to the host, or as a suffix to the path --> <allow-navigation href="*://*.example.com/*" /> <!-- A wildcard can be used to whitelist the entire network, over HTTP and HTTPS. *NOT RECOMMENDED* --> <allow-navigation href="*" /> <!-- The above is equivalent to these three declarations --> <allow-navigation href="http://*/*" /> <allow-navigation href="https://*/*" /> <allow-navigation href="data:*" />