Skip to content

Latest commit

 

History

History
61 lines (35 loc) · 2.55 KB

README.md

File metadata and controls

61 lines (35 loc) · 2.55 KB

Hello World PhoneGap Template bitHound Score

A PhoneGap Hello World template

Usage

PhoneGap CLI

The hello-world template is the default when you create a new application using the phonegap-cli.

phonegap create my-app

Create an app using this template specifically:

phonegap create my-app --template hello-world

To see a list of other available PhoneGap templates:

phonegap template list

<access ...> (All)

This template defaults to wide open access.

<access origin="*" />

It is strongly encouraged that you restrict access to external resources in your application before releasing to production.

For more information on whitelist configuration, see the Cordova Whitelist Guide and the Cordova Whitelist Plugin documentation

Content Security Policy (CSP)

The default CSP is similarly open:

<meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline'; style-src 'self' 'unsafe-inline'; media-src *" />

Much like the access tag above, you are strongly encouraged to use a more restrictive CSP in production.

A good starting point declaration might be:

<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: 'unsafe-inline' https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *" />

For more information on the Content Security Policy, see the section on CSP in the Cordova Whitelist Plugin documentation.

Another good resource for generating a good CSP declaration is CSP is Awesome