[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

What is the syntax for Localhost in the meta tag Content Security Policy?

Posted on 2016-09-10
3
Medium Priority
?
901 Views
Last Modified: 2016-09-13
I am developing a Phonegap application that not only runs on the phone but also on the desktop's browser.  The application needs to access the resources in the www directory and a few js files that reside on external sites.  So far my meta tag looks like this:

<meta http-equiv="Content-Security-Policy" content="default-src 'unsafe-inline' localhost:*/*  'self' *.shlepz.com  *.googleapis.com   https://www.youtube.com  *.gstatic.com  *.ytimg.com; ">

Open in new window

With this meta tag I am still receiving the error, "127.0.0.1/:195 Refused to connect to 'ws://127.0.0.1:8080//ws' because it violates the following Content Security Policy directive:

I have no idea what ws is.  How do I change the localhost entry in the meta tag to make the error go away?  To state the incredibly obvious, I don't know what the port number will be until the application is loaded.  Most of the time it is 8080 but not always.

Thank you for your time,
0
Comment
Question by:Michael David
  • 2
3 Comments
 
LVL 29

Accepted Solution

by:
Dan McFadden earned 2000 total points
ID: 41793866
The "ws://127.0.0.1:8080//ws" is a reference to localhost.  Also the CSP format is invalid based on the definition of the tag.  Best thing to do is to use a CSP generator.

Link:  http://cspisawesome.com/

Also, a few reference links:

1. https://content-security-policy.com/
2. http://www.html5rocks.com/en/tutorials/security/content-security-policy/
3. http://www.cspplayground.com/home

Dan
0
 
LVL 29

Expert Comment

by:Dan McFadden
ID: 41793867
I would try this in the meta tag:

default-src 'self' *.shlepz.com *.googleapis.com https://www.youtube.com *.gstatic.com *.ytimg.com;

Open in new window


Dan
0
 

Author Closing Comment

by:Michael David
ID: 41795752
It makes sense that a content security policy generator exists, but I didn't think of searching for it.  I was hand generating it.  Thank you so much for this link.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Spectre and Meltdown, how it affects me and my clients?
Why WooCommerce is one of the majorly favored choices when it comes to having an eCommerce store. This article will acquaint you with some reasons that I believe make it one of the best eCommerce platforms available.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question