What is the syntax for Localhost in the meta tag Content Security Policy?

I am developing a Phonegap application that not only runs on the phone but also on the desktop's browser.  The application needs to access the resources in the www directory and a few js files that reside on external sites.  So far my meta tag looks like this:

<meta http-equiv="Content-Security-Policy" content="default-src 'unsafe-inline' localhost:*/*  'self' *.shlepz.com  *.googleapis.com   https://www.youtube.com  *.gstatic.com  *.ytimg.com; ">

Open in new window

With this meta tag I am still receiving the error, "127.0.0.1/:195 Refused to connect to 'ws://127.0.0.1:8080//ws' because it violates the following Content Security Policy directive:

I have no idea what ws is.  How do I change the localhost entry in the meta tag to make the error go away?  To state the incredibly obvious, I don't know what the port number will be until the application is loaded.  Most of the time it is 8080 but not always.

Thank you for your time,
Michael DavidAsked:
Who is Participating?
 
Dan McFaddenSystems EngineerCommented:
The "ws://127.0.0.1:8080//ws" is a reference to localhost.  Also the CSP format is invalid based on the definition of the tag.  Best thing to do is to use a CSP generator.

Link:  http://cspisawesome.com/

Also, a few reference links:

1. https://content-security-policy.com/
2. http://www.html5rocks.com/en/tutorials/security/content-security-policy/
3. http://www.cspplayground.com/home

Dan
0
 
Dan McFaddenSystems EngineerCommented:
I would try this in the meta tag:

default-src 'self' *.shlepz.com *.googleapis.com https://www.youtube.com *.gstatic.com *.ytimg.com;

Open in new window


Dan
0
 
Michael DavidAuthor Commented:
It makes sense that a content security policy generator exists, but I didn't think of searching for it.  I was hand generating it.  Thank you so much for this link.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.