So, according to the docs:
For now, Meteor adds a permissive <meta http-equiv="Content-Security-Policy" content="..." header to the generated index page
It actually doesn’t. Because the camera plugin presents me then with this after I’ve taken a photo using FILE_URI (as is recommended by Cordova):
chromium: [INFO:CONSOLE(1193)] "Refused to connect to 'file:///storage/emulated/0/Android/data/foo/cache/1541246318348.jpg' because it violates the following Content Security Policy directive: "default-src * gap: data: blob: 'unsafe-inline' 'unsafe-eval' ws: wss:". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
Great. And I can’t override that with a <meta> tag of my own because the frickin’ whole thing then crashes on startup.
In essence, I can take a photo but can’t actually do anything with it.
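Why the policy in the console message rejects the photo URL, as an added example that is not part of the original post or Meteor's code. It is a simplified model of CSP source matching: only `*` and scheme-sources are handled, `*` is modelled as covering http/https plus the page's own scheme, and the page scheme `http:` is an assumption.

```javascript
// Added example: simplified CSP check (wildcard and scheme-sources only).
// POLICY and PHOTO are copied from the console message above.
const POLICY = "default-src * gap: data: blob: 'unsafe-inline' 'unsafe-eval' ws: wss:";
const PHOTO = "file:///storage/emulated/0/Android/data/foo/cache/1541246318348.jpg";
const PAGE_SCHEME = "http:"; // assumption: the app page itself is served over http

// Split a policy string into directive name -> list of source expressions.
function parsePolicy(text) {
  const directives = new Map();
  for (const part of text.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, sources); // first one wins
  }
  return directives;
}

// Does one source expression cover the URL's scheme?
function sourceMatches(expr, url, pageScheme) {
  const scheme = new URL(url).protocol; // e.g. "file:"
  if (expr === "*") {
    // Simplification: the wildcard never extends to local schemes such as file:.
    return scheme === "http:" || scheme === "https:" || scheme === pageScheme;
  }
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) return expr.toLowerCase() === scheme;
  return false; // keywords ('unsafe-inline', ...) and host-sources are not modelled
}

// Evaluate one policy; a missing fetch directive falls back to default-src.
function policyAllows(text, directive, url, pageScheme) {
  const directives = parsePolicy(text);
  const sources = directives.get(directive) ?? directives.get("default-src");
  if (sources === undefined) return true; // nothing restricts this fetch
  return sources.some((s) => sourceMatches(s, url, pageScheme));
}

// Several policies on one page are all enforced: every one must allow the URL.
function allPoliciesAllow(policies, directive, url, pageScheme) {
  return policies.every((p) => policyAllows(p, directive, url, pageScheme));
}

console.log("photo allowed:", policyAllows(POLICY, "connect-src", PHOTO, PAGE_SCHEME));
console.log("with file: listed:", policyAllows(POLICY + " file:", "connect-src", PHOTO, PAGE_SCHEME));
console.log("second policy added:",
  allPoliciesAllow([POLICY, "default-src * file:"], "connect-src", PHOTO, PAGE_SCHEME));
```

The last check shows why a second, looser policy cannot help on its own: the original policy is still enforced and still lacks a source that covers `file:`.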