I can't answer your question about angular, but you can find information about the CSP policy enforced for privileged apps here: https://developer.mozilla.org/en-US/docs/Apps/CSP
Note that hosted apps don't have a CSP applied (unless you set CSP on the server which hosts the content), but privileged apps do.

On May 7, 2013, at 11:36 AM, [email protected] wrote:

> Hello,
>
> I am a member of a team in charge of building a packaged Firefox OS
> application.
> The application uses the AngularJS framework and it's packaged inside a Zip
> file.
>
> I added the Angular Directive ng-csp to the body of my application:
>
> <body ng-app="the-app" ng-csp>
>
> The Error is the following:
>
> //
> ////
> //
>
> 05-07 19:31:10.048: ERROR/GeckoConsole(1397): [JavaScript Error: "CSP ERROR:
> Couldn't parse invalid source 'unsafe-inline'"]
> 05-07 19:31:10.048: ERROR/GeckoConsole(1397): [JavaScript Warning: "CSP WARN:
> Failed to parse unrecognized source 'unsafe-inline'"]

That might be to do with CSP parser changes (the style directive in the CSP for Firefox OS does not support 'unsafe-inline', but inline styles are also not yet blocked), but I don't know why that would affect your app.

>
> <-- Dropped CSS tags -->
>
> 05-07 19:31:13.892: ERROR/GeckoConsole(1397): [JavaScript Error: "Error: call
> to Function() blocked by CSP" {file:
> "app://788ceebd-a9b7-4a98-a8b0-1ff248e40f52/scripts/vendor/d10639ae.angular.js"
> line: 6337}]
> 05-07 19:31:13.912: ERROR/GeckoConsole(1397): [JavaScript Warning: "CSP WARN:
> Directive eval script base restriction violated" {file:
> "app://788ceebd-a9b7-4a98-a8b0-1ff248e40f52/scripts/vendor/d10639ae.angular.js"
> line: 6337 column: 0 source: "call to eval() or related function blocked by
> CSP"}]
>

From these, it looks like angular is trying to call Function and eval - both should be blocked by the default privileged app CSP, but I don't know why angular's csp mode would be calling these.

> //
> ////
> //
>
> After this error the App stops loading and nothing happens.
> I removed all the "ng-bind-html-unsafe" binds but the problem still exists.
> The app works on the Firefox OS Simulator however checking the app's
> permissions in the Settings Menu reveals no permissions (maybe it is
> installed as a Hosted App)?
>
> I managed to test the app using ("type": "hosted") in the manifest, however
> since we require access to several privileged device API's (such as Contacts,
> Notifications, Gallery, etc...) I would like to know if this is supposed to
> happen when using Angular in CSP Safe mode. If it is a b2g or an AngularJS
> issue or if it’s the case that the app is not being properly packaged.
>
> Below there is some information regarding the test case scenario:
>
> App Manifest (inside the packaged .zip file):
> {
>   "version": "0.1",
>   "name": "FFOS Demo",
>   "type": "privileged",
>   "description": "App Demo",
>   "launch_path": "/index.html",
>   "icons": {
>     "128": "/assets/images/ffos.png"
>   },
>   "developer": {
>     "name": "John Doe",
>     "url": "http://john.doe.com/"
>   },
>   "default_locale": "en",
>   "permissions": {
>     "contacts": {
>       "description": "Required to load and add contacts",
>       "access": "readcreate"
>     },
>     "device-storage:pictures": {
>       "description": "Required to Share Files",
>       "access": "readcreate"
>     },
>     "device-storage:music": {
>       "description": "Required to Share Files",
>       "access": "readcreate"
>     },
>     "device-storage:videos": {
>       "description": "Required to Share Files",
>       "access": "readcreate"
>     },
>     "device-storage:sdcard": {
>       "description": "Required to Share Files",
>       "access": "readcreate"
>     },
>     "desktop-notification": {}
>   }
> }
>
> Mini-Manifest (pointing to the .zip file):
> {
>   "version": "0.1",
>   "name": "FFOS Demo",
>   "description": "App Demo",
>   "package_path": "/app.zip",
>   "developer": {
>     "name": "John Doe",
>     "url": "http://john.doe.com/"
>   },
>   "icons": {
>     "128": "/assets/images/ffos.png"
>   }
> }
>
> Device Information
> Model: roamer2
> Software: Boot2Gecko 1.1.0.0-pre-release
> Build Identifier: 20130502095802
> Git Commit Info: 2013-05-01 19:51:17
>
> I'm using Firefox OS Simulator 3 to push the apps to the device.
>
> Thanks in advance.
> _______________________________________________
> dev-b2g mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-b2g
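
A triage script for console output like that quoted in the thread, added here as an example and not part of the original messages: it separates the two kinds of CSP message seen there (a policy source the parser rejected versus a blocked eval()/Function() call) and groups them by script location. The sample log lines, the app origin and the function names are constructed for illustration.

```javascript
// Constructed sample lines in the GeckoConsole logcat format quoted in the thread.
// The app origin and script path are placeholders, not values from a real device.
const SAMPLE_LOG = `
05-07 19:31:10.048: ERROR/GeckoConsole(1397): [JavaScript Error: "CSP ERROR: Couldn't parse invalid source 'unsafe-inline'"]
05-07 19:31:10.048: ERROR/GeckoConsole(1397): [JavaScript Warning: "CSP WARN: Failed to parse unrecognized source 'unsafe-inline'"]
05-07 19:31:13.892: ERROR/GeckoConsole(1397): [JavaScript Error: "Error: call to Function() blocked by CSP" {file: "app://example-app-id/scripts/vendor/angular.js" line: 6337}]
05-07 19:31:13.912: ERROR/GeckoConsole(1397): [JavaScript Warning: "CSP WARN: Directive eval script base restriction violated" {file: "app://example-app-id/scripts/vendor/angular.js" line: 6337 column: 0 source: "call to eval() or related function blocked by CSP"}]
05-07 19:31:14.100: INFO/Gecko(1397): unrelated line that must be ignored
`;

// One console entry: severity, quoted message, then an optional {file/line/column/source} block.
const ENTRY = /GeckoConsole\(\d+\): \[JavaScript (Error|Warning): "(.*?)"(?: \{file: "([^"]*)" line: (\d+)(?: column: \d+)?(?: source: "([^"]*)")?\})?\]\s*$/;

// Decide whether code was blocked at run time or the policy text itself was rejected.
function classify(message, source) {
  const text = `${message} ${source || ""}`;
  if (/blocked by CSP|eval script base restriction/.test(text)) return "eval-blocked";
  if (/parse (invalid|unrecognized) source/.test(text)) return "policy-parse";
  return "other";
}

// Group CSP console entries by kind and script location so each root cause is listed once.
function triage(logText) {
  const groups = new Map();
  for (const raw of logText.split("\n")) {
    const m = ENTRY.exec(raw);
    if (!m || !/CSP/.test(raw)) continue; // skip non-console and non-CSP lines
    const [, , message, file = null, line = null, source] = m;
    const kind = classify(message, source);
    const key = `${kind}|${file}|${line}`;
    const g = groups.get(key) || { kind, file, line: line && Number(line), count: 0 };
    g.count += 1;
    groups.set(key, g);
  }
  return [...groups.values()];
}

console.log(triage(SAMPLE_LOG));
```

An "eval-blocked" group points at the script and line that must stop using eval() or Function(); a "policy-parse" group has no file because it concerns the policy string rather than app code.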
