I'm running the Firefox OS v2.2
simulator on my Firefox 42.0
.
My app was running fine on it some months ago, but now I get this error and it refers to handlebars.js
.
It says: Content Security Policy: The page's settings blocked the loading of a resource at self ("script-src app://50d74c3c-64ca-402e-9d0a-47f0cb9f378c"). handlebars-v4.0.5.js:3562:0
and the message is call to Function() blocked by CSP
.
I use cordova 5.4.1
, require-js
, handlebars 4.0.5
and other js plugins.
Could it be related to my Firefox main browser? I mean, if I edit the about:config
menu and change security.csp.enable
to false
could it be helpful?
Any advice for this problem?
Thanks
edit:
here is the first lines of my index.html
:
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="format-detection" content="telephone=no" />
<meta name="viewport" content="user-scalable=no, width=device-width, initial-scale=1, maximum-scale=1, minimum-scale=1, target-densitydpi=device-dpi" />
So I have no Content-Security-Policy
tag in my index.html
.
CSP is enforced if your app type is privileged. Check your app type in your app manifest, and make sure it's not privileged if you don't need to use special permissions. Otherwise, if you need a privileged app, you have to get rid of the CSP violations in your code and also in the libraries you use. I've had a hard time with CSP since in my app I wanted to use special permissions due to camera access (MozCameras). I simply couldn't make my app work with require.js, so I got rid of it, and now everything works fine.