0
votes

I am using the code below:

<html>
<head>
    <!--
    Customize this policy to fit your own app's needs. For more guidance, see:
        https://github.com/apache/cordova-plugin-whitelist/blob/master/README.md#content-security-policy
    Some notes:
        * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
        * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
        * Disables use of inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
            * Enable inline JS: add 'unsafe-inline' to default-src
    -->

    <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">
    <meta name="format-detection" content="telephone=no">
    <meta name="msapplication-tap-highlight" content="no">
    <meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width">
    <link rel="stylesheet" type="text/css" href="css/index.css">
    <script type="text/javascript" src="js/angular.min.js"></script>
    <script type="text/javascript" src="js/ng-cordova.min.js"></script>
    <script type="text/javascript" src="cordova.js"></script>

    <script>
// Inline script block; it is subject to the Content-Security-Policy meta tag above
var app = angular.module('myApp', ['ngCordova']);
app.controller('MyCtrl', function($scope, $cordovaDevice) {

 alert("fgf");
})
</script>
</head>
<body>

<div ng-app="myApp" ng-controller="MyCtrl">

  k
</div>

</body>
</html>

And at runtime I am getting the error below. Please guide me on how to fix it.

     "[INFO:CONSOLE(47)] "Received Event: deviceready", source:       file:///android_asset/www/js/index.js (47)
    04-23 11:06:19.444  17043-17043/com.example.hello I/chromium﹕ [INFO:CONSOLE(41)] "Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
        ", source: file:///android_asset/www/my.html (41)
    04-23 11:06:19.524  17043-17043/com.example.hello I/chromium﹕ [INFO:CONSOLE(35)] "Uncaught Error: [$injector:modulerr] http://errors.angularjs.org/1.3.14/$injector/modulerr?p0=myApp&p1=Error%3A%20%5B%24injector%3Anomod%5D%20http%3A%2F%2Ferrors.angularjs.org%2F1.3.14%2F%24injector%2Fnomod%3Fp0%3DmyApp%0A%20%20%20%20at%20Error%20(......1)", source: file:///android_asset/www/js/angular.min.js (35)"
3
Try to add more information and not just code - Eka
When I include only angular js, then without the ngCordova module it's working fine. - Ashish gupta
When I include angular js and cordova js, then at run time cordova.js gives the error "No metatag found .. security whitelist policy related issue"; then I use the metatag, and after that angular js gives the mentioned error. - Ashish gupta
It looks like that Content-Security-Policy is configured to block inline scripts. Remove the line and test again. - Eddy Verbruggen

3 Answers

4
votes

The last bullet in the comment is suggesting you change the content security policy to

 <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">

to allow inline scripts.

2
votes

I have the same issue: when I add an HTTP JSON request call, it always goes into the error case. So I just removed the tags below from the HTML.

 <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">

and

 <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *"> 

And it works for me..!!

0
votes

I also had this issue; adding 'unsafe-inline' after default-src solved it, like this:

<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">
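
Added example, not part of any answer in this thread: a simplified JavaScript model of the fallback the console message describes ('script-src' not set, so 'default-src' is used), run over the question's policy and the policy from the answers. `SCOPED_POLICY` and the function names are constructed for illustration.

```javascript
// Added example (not from the thread). Simplified model of the CSP check for
// inline <script> blocks: script-src -> default-src fallback plus the
// 'unsafe-inline', nonce and hash source expressions only.

// Policies copied from the question and from the answers above.
const QUESTION_POLICY = "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *";
const ANSWER_POLICY = "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *";
// Constructed variant: an explicit script-src takes over from default-src.
const SCOPED_POLICY = "default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'";

function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function inlineScriptDecision(policy) {
  const directives = parsePolicy(policy);
  const governing = directives.has('script-src') ? 'script-src'
    : directives.has('default-src') ? 'default-src' : null;
  // No governing directive means the policy does not restrict scripts.
  if (governing === null) return { governing, allowsInline: true };
  const sources = directives.get(governing).map((s) => s.toLowerCase());
  // CSP Level 2+ browsers ignore 'unsafe-inline' once a nonce or hash is listed.
  const hasNonceOrHash = sources.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  const allowsInline = sources.includes("'unsafe-inline'") && !hasNonceOrHash;
  return { governing, allowsInline };
}

for (const [label, policy] of [['question', QUESTION_POLICY],
  ['answer', ANSWER_POLICY], ['scoped', SCOPED_POLICY]]) {
  const { governing, allowsInline } = inlineScriptDecision(policy);
  console.log(`${label}: governed by ${governing}, inline script allowed: ${allowsInline}`);
}
```

The question's log shows `js/angular.min.js` executing under the original policy, so a controller moved into its own file under `js/` and loaded with `<script src>` is covered by `'self'` and needs no `'unsafe-inline'`.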