您需要在内容安全政策中添加不安全内联"；要么是default-src，要么是使用script-src的Java语言.因此，尝试以下操作:

You need to add 'unsafe-inline' to the Content-Security-Policy; either to the default-src or explicitly for Javascript using script-src. So try something like:

<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data: content:;">