Firefox OS CSP restrictions on privileged apps

2019-07-17 05:00发布

To test Firefox OS capabilities, I’m writing a privileged app that can have access to various APIs on the device, but I got stuck in the development. I hope you can help me, I cannot find any useful documentation... I’d like to have access to Google Maps APIs from my app, but this requires a script to be loaded outside of app package ( Something like <script type="text/javascript" src="http://maps.googleapis.com/maps/api/js?....."></script> ). Because of CSP restrictions in privileged apps, this works just with the simulator, but on my device I cannot load these APIs. Is there any way to disable CSP restrictions (for test purposes only) or any walk around for this problem? I tried

<iframe src="frame.html" sandbox="allow-same-origin allow-scripts"></iframe>,

But neither frame.html is able to load these scripts...

2条回答
欢心
2楼-- · 2019-07-17 05:25

You can disable the default CSP restrictions only if you're building/flashing your own Gaia. Then you can add something like

pref("security.apps.privileged.CSP.default", "default-src *; script-src *; object-src 'none'; style-src *");

to the build/custom-prefs.js file on your Gaia directory. Note that this while you can do this, is probably not a good idea to actually do it since it won't work on any device that doesn't have your custom Gaia installed. Privileged apps need to have all the script resources included on the packaged app.

In your case, a better solution (and the only that would work on a real device) would be to fetch Google's code at build time and include it on your packaged app (so you use it as <script src='js/googlemapsapi.js'></script>or something like that).

查看更多
啃猪蹄的小仙女
3楼-- · 2019-07-17 05:30

To run on your device it must be reviewed, approved, and digitally signed by an authorized Marketplace. Then only your application will run on real device. For more information please click on the below link. i dont think that you can override this rule.

Click Here

查看更多
登录 后发表回答