Solved

What is the syntax for Localhost in the meta tag Content Security Policy?

Posted on 2016-09-10
Last Modified: 2016-09-13
I am developing a Phonegap application that not only runs on the phone but also on the desktop's browser.  The application needs to access the resources in the www directory and a few js files that reside on external sites.  So far my meta tag looks like this:

<meta http-equiv="Content-Security-Policy" content="default-src 'unsafe-inline' localhost:*/*  'self' *.shlepz.com  *.googleapis.com   https://www.youtube.com  *.gstatic.com  *.ytimg.com; ">


With this meta tag I am still receiving the error, "127.0.0.1/:195 Refused to connect to 'ws://127.0.0.1:8080//ws' because it violates the following Content Security Policy directive:

I have no idea what ws is.  How do I change the localhost entry in the meta tag to make the error go away?  To state the incredibly obvious, I don't know what the port number will be until the application is loaded.  Most of the time it is 8080 but not always.

Thank you for your time,
0
Question by:Michael David
3 Comments
 
LVL 28

Accepted Solution

by:
Dan McFadden earned 500 total points
ID: 41793866
The "ws://127.0.0.1:8080//ws" is a reference to localhost.  Also the CSP format is invalid based on the definition of the tag.  Best thing to do is to use a CSP generator.

Link:  http://cspisawesome.com/

Also, a few reference links:

1. https://content-security-policy.com/
2. http://www.html5rocks.com/en/tutorials/security/content-security-policy/
3. http://www.cspplayground.com/home

Dan
0
 
LVL 28

Expert Comment

by:Dan McFadden
ID: 41793867
I would try this in the meta tag:

default-src 'self' *.shlepz.com *.googleapis.com https://www.youtube.com *.gstatic.com *.ytimg.com;



Dan
0
 

Author Closing Comment

by:Michael David
ID: 41795752
It makes sense that a content security policy generator exists, but I didn't think of searching for it.  I was hand generating it.  Thank you so much for this link.
0
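
An added example (not code from the thread or from any CSP tool): a simplified JavaScript model of CSP host-source matching, showing which parts of the question's `localhost:*/*` source fail against the `ws://127.0.0.1:8080//ws` URL in the error. The function names and the `pageScheme` parameter are assumptions. Keyword sources such as 'self' are not modelled, and path matching is reduced to exact or prefix comparison.

```javascript
// Added example: simplified CSP host-source matching (after CSP Level 3).
// Function names and the pageScheme parameter are hypothetical.
const DEFAULT_PORT = { http: '80', https: '443', ws: '80', wss: '443' };

// a = scheme from the policy (or the page), b = scheme of the requested URL
function schemeMatches(a, b) {
  return a === b ||
    (a === 'http' && b === 'https') ||
    (a === 'ws' && ['wss', 'http', 'https'].includes(b)) ||
    (a === 'wss' && b === 'https');
}

function parseSource(expr) {
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^:\/]+)(?::(\*|\d+))?(\/.*)?$/i.exec(expr);
  if (!m) throw new Error('not a host-source: ' + expr);
  return { scheme: m[1] && m[1].toLowerCase(), host: m[2].toLowerCase(), port: m[3], path: m[4] };
}

// Returns the list of parts that fail to match; an empty list means "allowed".
function sourceMismatches(expr, url, pageScheme = 'http') {
  const s = parseSource(expr);
  const u = new URL(url);
  const uScheme = u.protocol.slice(0, -1);
  const failed = [];
  // A source without a scheme inherits the scheme of the protected page.
  if (!schemeMatches(s.scheme || pageScheme, uScheme)) failed.push('scheme');
  // Hosts are compared as text: "localhost" is never resolved to 127.0.0.1.
  const hostOk = s.host.startsWith('*.')
    ? u.hostname.endsWith(s.host.slice(1))
    : u.hostname === s.host;
  if (!hostOk) failed.push('host');
  // ":*" allows any port; no port means the default port of the URL's scheme.
  const uPort = u.port || DEFAULT_PORT[uScheme];
  if (s.port !== '*' && (s.port || DEFAULT_PORT[uScheme]) !== uPort) failed.push('port');
  // "*" is not a wildcard in the path: a trailing "/" is a prefix, else exact.
  if (s.path && s.path !== '/') {
    const pathOk = s.path.endsWith('/') ? u.pathname.startsWith(s.path) : u.pathname === s.path;
    if (!pathOk) failed.push('path');
  }
  return failed;
}

// The source from the question against the URL in the reported error.
console.log(sourceMismatches('localhost:*/*', 'ws://127.0.0.1:8080//ws'));
// Explicit ws: sources with a wildcard port, for loopback by address and by name.
console.log(sourceMismatches('ws://127.0.0.1:*', 'ws://127.0.0.1:8080//ws'));
console.log(sourceMismatches('ws://localhost:*', 'ws://localhost:3000/ws'));
```

WebSocket connections are checked against `connect-src` (falling back to `default-src`), so sources such as `ws://127.0.0.1:*` belong there. Once `connect-src` is present it replaces the `default-src` fallback for XHR and fetch as well, so any other hosts the application calls must be listed in it too.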
