Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'"
I also faced such type of problem when working with LinkedIn oAuth API.
I was using linkedIn API with following settings for cordova
config.xml
<access origin="*" launch-external="yes"/> <allow-navigation href="*" />
Meta Tag was
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
Script
<script type="text/javascript" src="http://platform.linkedin.com/in.js"></script>
When i run the application on emulator its giving
Fixed Problem to add uri into meta tag http://platform.linkedin.com like
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://platform.linkedin.com ">
It can be reason if you have this code in your htaccess. CommentOut this can fix your issue
<IfModule mod_headers.c> Header set Content-Security-Policy "script-src 'self' https://www.example.com/"</IfModule>