A QCObjects and PhoneGap Hello World template
The qcobjects-phonegap-app template is the default when you create a new application using the [phonegap-cli][phonegap-cli-url].
phonegap create myapp
Create an app using this template specifically:
phonegap create --name "myapp" --id "org.mydomain.phonegap.myapp" --template qcobjects-phonegap-app
To see a list of other available PhoneGap templates:
phonegap template list
Minimum SDK version supported on the target device. Maximum version is blank by default.
This template sets the minimum to 14
.
<preference name="android-minSdkVersion" value="14" />
This template defaults to wide open access.
<access origin="*" />
It is strongly encouraged that you restrict access to external resources in your application before releasing to production.
For more information on whitelist configuration, see the [Cordova Whitelist Guide][cordova-whitelist-guide] and the [Cordova Whitelist Plugin documentation][cordova-plugin-whitelist]
The default CSP is similarly open:
<meta http-equiv="Content-Security-Policy" content="default-src * 'unsafe-inline'; style-src 'self' 'unsafe-inline'; media-src *" />
Much like the access tag above, you are strongly encouraged to use a more restrictive CSP in production.
A good starting point declaration might be:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: 'unsafe-inline' https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *" />
For more information on the Content Security Policy, see the [section on CSP in the Cordova Whitelist Plugin documentation][cordova-plugin-whitelist-csp].
Another good resource for generating a good CSP declaration is [CSP is Awesome][csp-is-awesome]
Read more:
phonegap-cli-url cordova-app bithound-url config-xml index-html cordova-whitelist-guide cordova-plugin-whitelist cordova-plugin-whitelist-csp csp-is-awesome