I am currently building an apache cordova mobile app through visual studio and have run into the problem of trying to run widgets through external scripts in my app. These scripts run fine in the browser simulator but once I try to run them on an apple device, the scripts do not load. I have researched into this problem and found that it usually has something to do with the content security policy, which I have attached below to help figure out the problem.
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; img-src 'self' * 'unsafe-inline' 'unsafe-eval'" />
What else could possibly be the problem as to why these widgets are not loading in my app? These are the scripts I am attempting to load inside of my app for your reference as well.
Have you a whitelist for online ressources?
A better approach would be to embed these ressources. Loading online scripts is really insecure. The server could send js, and get acces to you device through the cordova api.
<a href="https://cordova.apache.org/docs/de/latest/guide/appdev/whitelist/" rel="nofollow">https://cordova.apache.org/docs/de/latest/guide/appdev/whitelist/</a>Answer2:
Your src and href from the script and link tags should have an scheme (http or https), otherwise, when Cordova finds //, it will use it's default scheme, file:.
Add http: or https: to all your script and link tags and then it should work.