CSP (Content Security Policy) headers are a great security tool.
We should check if it is possible to enforce them too on Lunie mobile
If we use the CSP in HTML this is automatically also valid in the app. So we should switch again to providing the CSP in index.html
https://github.com/apache/cordova-plugin-whitelist#content-security-policy
Yes, super relevant, in fact
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Oops, we forgot to do this. But would be cool if we could have this, since now we will have users accounts.
I mean, but is this even needed within a mobile app? :shrug:
This is about preventing malicious code from being executed and connecting to a remote source to transmit data
We should do this. It is actually easy: we need to move the CSP headers from netlify.toml to index.html. Also gives us the possibility to remove netlify links in production
Also gives us the possibility to remove netlify links in production
Mmm, not sure what do you mean by this? What links are we using now in production?
In production we are allowing *.netlify.app as a source, which is not desired as this could be any site.
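To make the two points above concrete (the policy must live in index.html to be enforced by the Cordova WebView, and a wildcard host such as *.netlify.app is too broad), here is an added example that is not Lunie's code: it renders a policy dict as the index.html meta tag and flags wildcard sources. The policy contents and the example.invalid hosts are constructed placeholders, not Lunie's real policy.

```python
# Added example (not Lunie's own code): render a CSP as the <meta> tag that a
# Cordova WebView enforces from index.html, and flag sources that are too broad.
# A header set in netlify.toml is only attached to HTTP responses served by
# Netlify; the packaged app loads index.html from its bundle, so that header
# never reaches the WebView.

# Constructed policy resembling the situation in the thread; hosts are placeholders.
PRODUCTION_POLICY = {
    "default-src": ["'self'"],
    "script-src": ["'self'"],
    "connect-src": ["'self'", "https://*.netlify.app", "https://api.example.invalid"],
    "style-src": ["'self'", "'unsafe-inline'"],
    "img-src": ["'self'", "data:"],
}


def serialize_csp(policy):
    """Render a policy dict as a Content-Security-Policy value (directives joined by ';')."""
    return "; ".join(f"{directive} {' '.join(sources)}" for directive, sources in policy.items())


def csp_meta_tag(policy):
    """Build the <meta http-equiv> tag for index.html. CSP values use single quotes
    for keywords like 'self', so a double-quoted attribute needs no escaping."""
    value = serialize_csp(policy)
    assert '"' not in value, "CSP values never contain double quotes"
    return f'<meta http-equiv="Content-Security-Policy" content="{value}">'


def overly_broad_sources(policy):
    """Return (directive, source) pairs whose host is '*' or a wildcard subdomain
    such as https://*.netlify.app, which admits any site under that domain."""
    findings = []
    for directive, sources in policy.items():
        for src in sources:
            host = src.split("://", 1)[-1].split("/", 1)[0]
            if src == "*" or host.startswith("*."):
                findings.append((directive, src))
    return findings


def tighten(policy, replacements):
    """Return a copy of the policy with each broad source replaced by the explicit
    origin(s) listed in `replacements`; other sources are kept as they are."""
    return {d: [o for s in srcs for o in replacements.get(s, [s])] for d, srcs in policy.items()}


if __name__ == "__main__":
    print(overly_broad_sources(PRODUCTION_POLICY))
    fixed = tighten(PRODUCTION_POLICY, {"https://*.netlify.app": ["https://app.example.invalid"]})
    print(csp_meta_tag(fixed))
```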
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
We didn't try this yet. It would be quite easy to do. Just always so busy
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Oops, we never actually tried this. But being an app it is already quite secure, isn't it?
Maybe it is OK. I think apps are environments secure enough