Turnkey extra meta tags

To inject extra meta tags into your Turnkey application, create a file like this:


Example of the meta tag you want to inject:

<meta http-equiv="Content-Security-Policy" content="default-src 'self'">

The above meta tag knocks out inline scripts and inline styles. Even if knocking out inline scripts might be ok (because standard Turnkey does not depend on them), knocking out inline styles is more problematic since Bootstrap and Angularjs depend on the need to change styles dynamically via DOM manipulation. See this: https://stackoverflow.com/questions/42401952/inline-style-error-with-content-security-policy-and-javascript

A more realistic security policy meta tag is this:

<meta http-equiv="Content-Security-Policy" content="style-src 'unsafe-inline' 'self'; default-src 'self'">

If the file is found, the contents are read and injected after the standard meta tags.

Use the AssetsTK strategy to inject your file into the application.

This page was edited 28 days ago on 06/17/2024. What links here