javascriptcordovafirefox-os

Firefox OS simulator - call to Function() blocked by CSP


I'm running the Firefox OS v2.2 simulator on my Firefox 42.0. My app was running fine on it some months ago, but now I get this error and it refers to handlebars.js.

It says: Content Security Policy: The page's settings blocked the loading of a resource at self ("script-src app://50d74c3c-64ca-402e-9d0a-47f0cb9f378c"). handlebars-v4.0.5.js:3562:0 and the message is call to Function() blocked by CSP.

I use cordova 5.4.1, require-js, handlebars 4.0.5 and other js plugins.

Could it be related to my Firefox main browser? I mean, if I edit the about:config menu and change security.csp.enable to false could it be helpful?

Any advice for this problem?

Thanks

edit:

here is the first lines of my index.html:

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="format-detection" content="telephone=no" />
<meta name="viewport" content="user-scalable=no, width=device-width, initial-scale=1, maximum-scale=1, minimum-scale=1, target-densitydpi=device-dpi" />

So I have no Content-Security-Policy tag in my index.html.


Solution

  • CSP is enforced if your app type is privileged. Check your app type in your app manifest, and make sure it's not privileged if you don't need to use special permissions. Otherwise, if you need a privileged app, you have to get rid of the CSP violations in your code and also in the libraries you use. I've had a hard time with CSP since in my app I wanted to use special permissions due to camera access (MozCameras). I simply couldn't make my app work with require.js, so I got rid of it, and now everything works fine.