Refused to load the script because it violates the following Content Security Policy directive

问题:

Hi when I tried to deploy my app onto devices with android system above 5.0.0, I kept getting this kind of error messages:

07-03 18:39:21.621: D/SystemWebChromeClient(9132): file:///android_asset/www/index.html: Line 0 : Refused to load the script 'http://xxxxx' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline'". 07-03 18:39:21.621: I/chromium(9132): [INFO:CONSOLE(0)] "Refused to load the script 'http://xxx' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline'".

However, if I deployed it to mobile device with android system of 4.4.x, the security policy works with default ones:

Then I thought, maybe, i should change to something like this:

Basically, both option doesn't work for for me. Does anybody have an idea of how to solve this issue?

Thanks!

回答1:

Try replacing your meta tag with this below:

Or in addition to what you have, you should add http://* to both style-src and script-src as seen above added after 'self'

回答2:

The auto-answer given by MagngooSasa did the trick, but for anyone else trying to understand the answer, here are a few bit more details:

When developing Cordova Apps with Visual Studio, I tried to import a remote javascript file [located here http://Guess.What.com/MyScript.js], but having the error mentioned in the title.

Here is the Meta tag BEFORE, in the index.html file of the project

Here is the CORRECTED meta tag, to allow importing a remote script :

and no more error!

回答3:

solved with

script-src 'self' http://xxxx 'unsafe-inline' 'unsafe-eval';  

回答4:

To elaborate some more on this adding

script-src 'self' http://somedomain 'unsafe-inline' 'unsafe-eval';     

To the meta tag like so

Fixes the error

回答5:

We used this:

文章来源: Refused to load the script because it violates the following Content Security Policy directive