Hi, If it's for AJAX, would you please try you to use 'connect-src' instead of 'script-src'? See the explanation: connect-src
'self' Applies to XMLHttpRequest (AJAX), WebSocket orEventSource. If not allowed the browser emulates a 400HTTP status code. You can also see the description and examples about CSP here: http://content-security-policy.com/ Yongsheng From: [email protected] [mailto:[email protected]] Sent: Tuesday, March 25, 2014 7:47 PM To: Zhu, Yongsheng; [email protected] Cc: [email protected]; [email protected] Subject: RE: Regarding settings for webview Hi, I just tried giving "content_security_policy": "script-src 'self' https://example.service.com"; Even then its not allowing files to be accessed from that URL :( . I used cross walk 5 as suggested . From: Babu, Rajesh C. Sent: 25 March 2014 15:32 To: 'Zhu, Yongsheng'; [email protected]<mailto:[email protected]> Cc: Maclean, Daniel; Edens, Richard Subject: RE: Regarding settings for webview Hi, Thanks for your response. So If I want to allow any URL accessing without any hindrance. What should be the setting of 'content_security_policy' ? , I am not able to find solid result, Has anyone tried it before ? From: Zhu, Yongsheng [mailto:[email protected]] Sent: 24 March 2014 11:21 To: Babu, Rajesh C.; [email protected]<mailto:[email protected]> Subject: RE: Regarding settings for webview Rajesh, This setting will disable the web security mechanism for all origins so it is very risky to enable that by default. If you want to enable Ajax calls for different origins, I suggest you use manifest.json and its field 'content_security_policy' which can define CSP policy for web application. It's supported since Crosswalk-5. To understand how to use it, find the doc here: https://crosswalk-project.org/#wiki/Crosswalk-manifest Yongsheng From: Zhu, Yongsheng Sent: Monday, March 24, 2014 9:52 AM To: '[email protected]'; [email protected]<mailto:[email protected]> Subject: RE: Regarding settings for webview Hi, Rajesh Glad to see you can fix this by setting 'setAllowUniversalAccesFromFileUrls'. I'm sorry we don't expose this kind of settings in the side for RuntimeView. However, it's reasonable for me to enable it by default and we would like to fix it in Crosswalk-5 beta. Before it's landed, as an alternative, could you please try with Cordova-Crosswalk? You can add this setting in it: https://crosswalk-project.org/#wiki/crosswalk-cordova-android Yongsheng From: Crosswalk-help [mailto:[email protected]] On Behalf Of [email protected]<mailto:[email protected]> Sent: Friday, March 21, 2014 5:49 PM To: [email protected]<mailto:[email protected]> Subject: [Crosswalk-help] Regarding settings for webview Hi, I am Rajesh Babu, I built an .apk for a html app using Crosswalk-Project Documentation on Crosswalk 3 version. My App basically requires to make Ajax Calls, But I am getting an error like access-control-allow-origin header on android device, this would normally be rectified if I use webView.getSettings().setAllowUniversalAccesFromFileUrls(true) on the native side . How do I make the same setting on the getRuntimeView() ??? ________________________________ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. ______________________________________________________________________________________ www.accenture.com<http://www.accenture.com>
_______________________________________________ Crosswalk-help mailing list [email protected] https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-help
