Solved

What is the syntax for Localhost in the meta tag Content Security Policy?

Posted on 2016-09-10
3
106 Views
Last Modified: 2016-09-13
I am developing a Phonegap application that not only runs on the phone but also on the desktop's browser.  The application needs to access the resources in the www directory and a few js files that reside on external sites.  So far my meta tag looks like this:

<meta http-equiv="Content-Security-Policy" content="default-src 'unsafe-inline' localhost:*/*  'self' *.shlepz.com  *.googleapis.com   https://www.youtube.com  *.gstatic.com  *.ytimg.com; ">

Open in new window

With this meta tag I am still receiving the error, "127.0.0.1/:195 Refused to connect to 'ws://127.0.0.1:8080//ws' because it violates the following Content Security Policy directive:

I have no idea what ws is.  How do I change the localhost entry in the meta tag to make the error go away?  To state the incredibly obvious, I don't know what the port number will be until the application is loaded.  Most of the time it is 8080 but not always.

Thank you for your time,
0
Comment
Question by:Michael David
  • 2
3 Comments
 
LVL 26

Accepted Solution

by:
Dan McFadden earned 500 total points
ID: 41793866
The "ws://127.0.0.1:8080//ws" is a reference to localhost.  Also the CSP format is invalid based on the definition of the tag.  Best thing to do is to use a CSP generator.

Link:  http://cspisawesome.com/

Also, a few reference links:

1. https://content-security-policy.com/
2. http://www.html5rocks.com/en/tutorials/security/content-security-policy/
3. http://www.cspplayground.com/home

Dan
0
 
LVL 26

Expert Comment

by:Dan McFadden
ID: 41793867
I would try this in the meta tag:

default-src 'self' *.shlepz.com *.googleapis.com https://www.youtube.com *.gstatic.com *.ytimg.com;

Open in new window


Dan
0
 

Author Closing Comment

by:Michael David
ID: 41795752
It makes sense that a content security policy generator exists, but I didn't think of searching for it.  I was hand generating it.  Thank you so much for this link.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You may have a outside contractor who comes in once a week or seasonal to do some work in your office but you only want to give him access to the programs and files he needs and keep privet all other documents and programs, can you do this on a loca…
This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now