browser-policy misunderstanding


Ingus Štāls

Oct 23, 2014, 11:13:08 AM
to meteo...@googlegroups.com

I'm trying to improve security in a Meteor app and I added the browser-policy package. From that moment I'm not able to get Facebook Graph images and Google scripts.

The question is: where can I manage Browser Policy rules?

I tried it in the server-side /server/config.js file, but nothing happens.

The line I added was

BrowserPolicy.content.allowInlineScripts();


Thanks for Your help.

Ingus Štāls

Oct 23, 2014, 11:14:53 AM
to meteo...@googlegroups.com
I get these errors in the console:

Refused to load the stylesheet 'http://fonts.googleapis.com/css?family=Duru+Sans|Roboto+Slab:700,400&subset=latin,latin-ext,vietnamese' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'".

Refused to load the script 'http://connect.facebook.net/en_US/sdk.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".

Refused to load the image 'http://graph.facebook.com/picture/?type=large' because it violates the following Content Security Policy directive: "img-src data: 'self'".

Randell S. Hynes

Oct 23, 2014, 12:20:59 PM
to meteo...@googlegroups.com
This should take care of #2 and #3?

BrowserPolicy.content.allowOriginForAll("*.facebook.com");

I use this for #1:

BrowserPolicy.content.allowOriginForAll("*.googleapis.com");
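An added example, not part of the original thread: a small Node script that reads the three console errors quoted above and derives, for each one, a browser-policy call that widens only the violated directive for only the blocked origin. The helper names `parseViolation` and `suggestRules` are hypothetical; the `allow<ContentType>Origin` methods are the per-directive counterparts of `allowOriginForAll` in the browser-policy package.

```javascript
// Sample input: the three console errors quoted in this thread.
const violations = [
  "Refused to load the stylesheet 'http://fonts.googleapis.com/css?family=Duru+Sans|Roboto+Slab:700,400&subset=latin,latin-ext,vietnamese' because it violates the following Content Security Policy directive: \"style-src 'self' 'unsafe-inline'\".",
  "Refused to load the script 'http://connect.facebook.net/en_US/sdk.js' because it violates the following Content Security Policy directive: \"script-src 'self' 'unsafe-inline'\".",
  "Refused to load the image 'http://graph.facebook.com/picture/?type=large' because it violates the following Content Security Policy directive: \"img-src data: 'self'\".",
];

// CSP directive -> browser-policy method that widens only that directive.
const METHOD_FOR = {
  'script-src': 'allowScriptOrigin',
  'style-src': 'allowStyleOrigin',
  'img-src': 'allowImageOrigin',
  'font-src': 'allowFontOrigin',
  'frame-src': 'allowFrameOrigin',
};

// Hypothetical helper: extract the blocked origin and the violated directive
// from one Chrome "Refused to load ..." line. Returns null for anything else
// (for example inline-script violations, which name no URL).
function parseViolation(line) {
  const m = /^Refused to \w+ (?:the \w+ )?'([^']+)' because it violates the following Content Security Policy directive: "([\w-]+) /.exec(line);
  if (!m) return null;
  let origin;
  try { origin = new URL(m[1]).origin; } catch (e) { return null; }
  return { origin, directive: m[2], method: METHOD_FOR[m[2]] || null };
}

// Hypothetical helper: one de-duplicated rule per (directive, origin) pair.
function suggestRules(lines) {
  const seen = new Set();
  const out = [];
  for (const line of lines) {
    const v = parseViolation(line);
    if (!v || !v.method) continue;
    const call = `BrowserPolicy.content.${v.method}(${JSON.stringify(v.origin)});`;
    if (!seen.has(call)) { seen.add(call); out.push(call); }
  }
  return out;
}

console.log(suggestRules(violations).join('\n'));
```

The generated lines belong in server-side code of the Meteor app. Note that the script error names the host connect.facebook.net, while the image error names graph.facebook.com.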
