I learned about Content Security policy (CSP) while working on a project involving a Cordova mobile app which needed to communicate with a back end server I wrote in NodeJS. So I figured I would share with anyone running into this type of issue. So when I had my server deployed at a url like http://x.y.z:8080 Without additional configuration, my app would not be able to communicate with the server successfully and I would get a blank screen or some other behavior I did not expect. When debugging (in this case using Safari developer tools because this was Cordova with iOS), I found the calls were getting blocked with this error After referring to these documents, https://developers.google.com/web/fundamentals/security/csp/ https://cordova.apache.org/docs/en/latest/reference/cordova-plugin-whitelist/ I did the following to resolve the issue First I added code like this to my nodejs express app.js file to setup the server to send the correct Cross origin headers re
I want to learn something new every day, but can I?