I'm training for Cordova application development and I turn around a problem with Content Security Policy.
My application is running with the Android emulator, but when I have to execute a javascript I get a message in NetBeans (output window).
Refused to execute inline event handler because it violates the following Content Security Policy directive: script-src 'self' https://ssl.gstatic.com. (22:35:56:126 | error, security)
at www/index.html:58
My code is below. This is my index.html.
I try to understand how CSP works and I think I understand the concept, but in this case, I don't understand the problem. Line 58 is the comment.
<html>
<head>
<meta http-equiv=Content-Security-Policy content=default-src 'self' * data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self'; script-src 'self' https://ssl.gstatic.com; media-src *>
<meta name=format-detection content=telephone=no>
<meta name=msapplication-tap-highlight content=no>
<meta name=viewport content=user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width>
<title>Hello World</title>
<link rel=stylesheet type=text/css href=css/index.css>
</head>
<body>
<div class=app>
<h1>Apache Cordova</h1>
<div id=deviceready class=blink>
<p class=event listening>Connecting to Device</p>
<p class=event received>Device is Ready</p>
</div>
</div>
<!--
line 58
-->
<button onclick=capturePhoto();>Capture Photo</button> <br>
<img style=display:none;width:80px;height:80px; id=smallImage src= />
<img style=display:none; id=largeImage src= />
<script type=text/javascript src=cordova.js></script>
<script type=text/javascript src=js/index.js></script>
</body>
</html>
By advance thanks for your help because I need it.
Jérôme