[
https://issues.apache.org/jira/browse/CB-8927?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14518385#comment-14518385
]
ASF GitHub Bot commented on CB-8927:
------------------------------------
Github user dblotsky commented on a diff in the pull request:
https://github.com/apache/cordova-mobile-spec/pull/127#discussion_r29300643
--- Diff: www/csp-incl.js ---
@@ -49,7 +49,13 @@ if (!window._disableCSP) {
switch (PLAT) {
case 'android':
case 'ios':
- cspMetaContent = 'default-src \'self\'
https://ssl.gstatic.com/accessibility/javascript/android/; connect-src \'self\'
http://cordova-filetransfer.jitsu.com;frame-src \'self\' data: gap:; img-src
\'self\' data:; style-src \'self\' \'unsafe-inline\'';
+ case 'windows8':
+ cspMetaContent = 'default-src \'self\'
https://ssl.gstatic.com/accessibility/javascript/android/;' +
+ ' connect-src \'self\'
http://cordova-filetransfer.jitsu.com;' +
+ ' media-src \'self\'
http://cordova.apache.org/downloads/;' +
+ ' frame-src \'self\' data: gap:;' +
+ ' img-src \'self\' data:;' +
+ ' style-src \'self\' \'unsafe-inline\'';
--- End diff --
Even though the fact that this fixes things on Windows is actually really
valuable, the formatting is the best thing about this change. Small nit: might
be better to use double-quotes for the strings so you won't have to escape as
much.
> Add media to cspMeta content and windows
> ----------------------------------------
>
> Key: CB-8927
> URL: https://issues.apache.org/jira/browse/CB-8927
> Project: Apache Cordova
> Issue Type: Bug
> Components: mobile-spec
> Reporter: Murat Sutunc
> Assignee: Murat Sutunc
>
> Add ' media-src \'self\' http://cordova.apache.org/downloads/;' to CSP.
> Also include windows
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
