Skip to content

Commit 72fbe6b

Browse files
author
Omni
committed
fix: remove CSP meta tag to prevent runtime breakage
The Content-Security-Policy was too restrictive for a Capacitor mobile app. connect-src only allowed *.numbersprotocol.io, which would silently block requests to bubble.io APIs (actions, orders, NUM price), GoPro local server (10.5.5.9), and AppsFlyer analytics at runtime. CSP for Capacitor apps requires a dedicated effort with comprehensive domain inventory and full QA coverage across all features.
1 parent 4e782e9 commit 72fbe6b

1 file changed

Lines changed: 0 additions & 13 deletions

File tree

src/index.html

Lines changed: 0 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -14,19 +14,6 @@
1414
<meta name="format-detection" content="telephone=no" />
1515
<meta name="msapplication-tap-highlight" content="no" />
1616

17-
<meta
18-
http-equiv="Content-Security-Policy"
19-
content="default-src 'self';
20-
frame-src https://*.numbersprotocol.io https://*.bubble.io;
21-
connect-src https://*.numbersprotocol.io;
22-
script-src 'self';
23-
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
24-
font-src 'self' https://fonts.gstatic.com;
25-
img-src 'self' data: blob:;
26-
media-src 'self' blob:;
27-
object-src 'none';"
28-
/>
29-
3017
<link
3118
rel="preload"
3219
as="image"

0 commit comments

Comments
 (0)