Develop Reference

visual studio 2015 cordova app and script inline for android

I've got a problem with the inline scripts on android emulator, they don't want to work.
I've already solved with the addeventlistener but now I need to add some old code and I don't want to rewrite every inline event.
Is it possible to adapt inline events for android too?

I've solved with this metatag:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval' 'unsafe-inline' ; style-src 'self' 'unsafe-inline'; media-src *">

SignalR with DNS

I am creating a chat system within my mobile app, but I am running into a problem. I have defined jQuery and the signalR within my index. I also have defined the script path to my server.
Code (index.html)
<head>
<meta charset="utf-8">
<meta name="viewport" content="initial-scale=1, maximum-scale=1, user-scalable=no, width=device-width">
<!-- Cordova whitelist plugin -->
<meta http-equiv="Content-Security-Policy" content="default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *">
<!-- Base libs -->
<script src="libs/ionic/js/ionic.bundle.js"></script>
<script src="libs/ngCordova/dist/ng-cordova.min.js"></script>
<script src="cordova.js"></script>
<!-- Third party libs -->
<script src='libs/jquery/dist/jquery.min.js'></script>
<script src='libs/signalR/jquery.signalR.min.js'></script>
<!-- Location for SignalR lib to open a connection with -->
<script src="http://www.mytestserver.nl/chathub/signalr/hubs"></script>
<!-- Application Javascript files | put the routing files after the controllers! -->
<script src="app/app.js"></script>
</head>
I have a working version on my localhost, so I do think my code is right.
When I try to use the code in my controller I get a 404 not found error.
I think this is because I do not define a port in my script to the server. Then signalR defaults to the current host (localhost:8100).
Code (chatController.js)
.controller('ChatController', ['$scope', '$state', function ($scope, $state) {
$.connection.hub.url = "http://www.mytestserver.nl/chathub/signalr";
$.connection.hub.start().done(function () {
console.log("hello world");
});
}]);
Not the DNS comes in. I cannot define a port number, because the DNS is removing the port numbers. Defining any port number results in a 404 not found or a Connection timed out error.
What can I do to make a connection to the server?

Ive had this situation before which worked fine on devexpress localhost but when transferred to IIS the path would not map correctly.
Its possible that the path you specify to signalr/hubs is not correct so the server does not pick it up correctly.
Try adding a wildcard to your signalr/hubs reference like this
<script src="~/signalr/hubs"></script>
After this open the javascript console and ensure that there are no errors.

Error: Opening Robot Framework log failed

If I open any .html file that generated by Robot Framework and try to convert it in any other format(for example, docx formate) using either any python code or inbuilt command line tool that are available. I am getting below error,
Opening Robot Framework log failed
• Verify that you have JavaScript enabled in your browser.
• Make sure you are using a modern enough browser. Firefox 3.5, IE 8, or equivalent is required, newer browsers are recommended.
• Check are there messages in your browser's JavaScript error log. Please report the problem if you suspect you have encountered a bug.
· I am getting this error even though I have already enabled JavaScript in my browser.I am using Mozilla Firefox version 45.0.2 on mac.
Can anyone please help me to solve this issue?

Answer is explained at Jenkins issue tracking system: https://issues.jenkins-ci.org/browse/JENKINS-32118
To resolve your problem you must :
Connect on your Jenkins URL (http://[IP]:8080/)
Click on Manage Jenkins from left side panel.
Click on Script Console
Copy this into the field
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP","sandbox allow-scripts; default-src 'none'; img-src 'self' data: ; style-src 'self' 'unsafe-inline' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ;")
Click on Run button.
Execute your Jenkins build.

I managed to make it work by editing the file /etc/sysconfig/jenkins and adding
-Dhudson.model.DirectoryBrowserSupport.CSP=
to the JENKINS_JAVA_OPTIONS setting. On my installation, the setting looks like
JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Dhudson.model.DirectoryBrowserSupport.CSP= "
Then restart jenkins
service jenkins restart
Sources
https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy
System properties management

We used to face same issue, however since we did not have access to jenkins, we could do it at client side be installing CSP plugin on chrome and enabling the plugin.

Running below code in Script Console of Manage Jenkins will work
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP","sandbox allow-scripts; default-src 'none'; img-src 'self' data: ; style-src 'self' 'unsafe-inline' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ;")
But whenever you start Jenkins then you have to execute this every time. Instead of this if you use this when you are starting Jenkins by using of batch file with below code then it will be better than this process
java -Dhudson.model.DirectoryBrowserSupport.CSP="sandbox allow-scripts; default-src 'none'; img-src 'self' data: ; style-src 'self' 'unsafe-inline' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ;" -jar jenkins.war

The easiest thing to do is (if there are no worries on security aspects) also a permanent fix.
open the jenkins.xml file and
add the following
<arguments>-Xrs -Xmx256m -Dhudson.lifecycle=hudson.lifecycle.WindowsServiceLifecycle -Dhudson.model.DirectoryBrowserSupport.CSP="" -jar "%BASE%\jenkins.war" -- httpPort=8080 --webroot="%BASE%\war"</arguments>
restart the jenkins server
rerun your jenkins jobs to see the result files.
If we are using the script console, every time you restart the jenkins server, the changes will be lost.

The accepted answer works for me but is not persistent. To make it persistent, modify the file /etc/default/jenkins and after JAVA_ARGS line, add the following line:
JAVA_ARGS="$JAVA_ARGS -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-scripts; default-src 'none'; img-src 'self' data: ; style-src 'self' 'unsafe-inline' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ;\""
Change will apply and be persistent after reboot

Please follow these steps to configure content security policies around Jenkins should resolve this issue:
1. Go to Jenkins
2. Click on Manage Jenkins
3.Click on Script Console
4.Enter unset header text shown in content security policies: System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "")
Click Run
The output should just show Result. If you see any thing other than this, that mean content policy is not updated successfully
If you are still facing the issue, please add the error details, what you tried, so we would be able to help you

The configuration change persists for me with Jenkins 2.235.2 installed via yum on CentOS 7 by placing the following content in a new file at $JENKINS_ROOT/init.groovy, changing ownership of the file to the jenkins user, and then restarting Jenkins with service jenkins restart
import jenkins.model.Jenkins;
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP","sandbox allow-scripts; default-src 'none'; img-src 'self' data: ; style-src 'self' 'unsafe-inline' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ;");

For me editing JAVA_ARGS in /etc/default/jenkins didn't work. To make changes permanent on Ubuntu 18.04 LTS when running Jenkins as service I did following:
Run service jenkins status and from second line take path to actual service configuration file, mine was: /lib/systemd/system/jenkins.service
Run sudo vim /lib/systemd/system/jenkins.service find property Environment= under comment Arguments for the Jenkins JVM
Paste: -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-scripts; default-src 'none'; img-src 'self' data: ; style-src 'self' 'unsafe-inline' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ;\" behind -Djava.awt.headless=true
Run sudo service jenkins stop, you should see following warning: Warning: The unit file, source configuration file or drop-ins of jenkins.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Run sudo systemctl daemon-reload
Run sudo service jenkins start
You should be now able to browse robot framework results after restart.

Meteor error: No Content-Security-Policy meta tag found. Please add one when using the cordova-plugin-whitelist plugin

I am building an app with Meteor for a couple of weeks now, without any problems. Yesterday I didn't had any problems either.
Today I wanted to continue building my app, and the terminal gives me this error every 10 seconds:
I20151208-11:19:04.463(1) (android:file:///android_asset/www/plugins/cordova-plugin-whitelist/whitelist.js:25) No Content-Security-Policy meta tag found. Please add one when using the cordova-plugin-whitelist plugin.
So I tried running another Meteor project, and got the same error.
I have googled this error, and it says I have to change the config.xml in my project. I dont know where config.xml is located in a Meteor project, but since the error is showing to ALL projects I'm trying to run, I dont think that's the solution.
Can anyone help me solve this problem?
EDIT:
I added this line in the <head> tag of my Meteor project, and in the <head> tag of my .meteor/local/cordova-build/www/index.html file:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">
Also, I added this to my .meteor/local/cordova-build/config.xml:
<allow-navigation href="*" />
And this to my mobile-config.js file:
App.accessRule('*');
Without success :(

Please add this code to your index.html header
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">

Solved! Restarted my phone, and that solved the problem!

Text field display bug in cordova

Something's wrong with the display of my app when I tried to build it in cordova. Here's the code:
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">
<meta name="format-detection" content="telephone=no">
<meta name="msapplication-tap-highlight" content="no">
<meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width">
<link rel="stylesheet" type="text/css" href="css/index.css">
<link rel="stylesheet" href="http://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.min.css" />
<script src="http://code.jquery.com/jquery-1.11.1.min.js"></script>
<script src="http://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.min.js"></script>
<title>Swaggity swag swag</title>
</head>
<body>
<form action="res/link2.html">
<input type="text" placeholder="Name" name="name">
<input type="text" placeholder="Text" name="comment">
<button type="submit">Leggo!</button>
</form>
<script type="text/javascript" src="cordova.js"></script>
<script type="text/javascript" src="js/index.js"></script>
</body>
</html>
When I built it, text field displayed ended up displaying like this:
http://imgur.com/ReOa9vk
I hope you can help me out on this one, thanks!

I put your code in a fresh cordova application (CLI Version 5.1.1; Visual Studio 2015) and got some security errors in the output console, because you are referencing to http://code.jquery.com. Anyway your provided screenshot looks like, the styles loaded somehow, but giving strange results.
In my case I got the folowing errors in the JavaScript Console in Visual Studio:
Refused to load the stylesheet 'http://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.min.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'".
index.html (15,0)
Refused to load the script 'http://code.jquery.com/jquery-1.11.1.min.js' because it violates the following Content Security Policy directive: "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
index.html (0,0)
Refused to load the script 'http://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.min.js' because it violates the following Content Security Policy directive: "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
index.html (0,0)
To avoid these errors, I changed the meta tag for Content-Security-Policy and added http://code.jquery.com:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com http://code.jquery.com; style-src 'self' 'unsafe-inline' http://code.jquery.com; media-src *">
With these changes all looks fine in ripple:
The above solution won't work directly on the platforms iOS, Windows 8.1/10 and Android because of security policies.
There are two solutions I think:
I would recommend to download the scripts and style sheets and access them localy under the www folder.
Another way is to allow access to external resources. For that you need the whitelist plugin:
https://github.com/apache/cordova-plugin-whitelist
... and you have to edit the config.xml under Common->Domain Access->URI and add http://code.jquery.com
This will produce an XML entry in this file:
<!-- Allow images, xhrs, etc. to http://code.jquery.com -->
<access origin="http://code.jquery.com" />
After that all looks fine under Windows 10 for example:
Hope that helps!