我正在使用Cordova的浏览器平台,我也在我的html代码中使用cordova-plugin-whitelist
和Content-Security-Policy
标签。但我在控制台中得到以下错误:
JQMIGRATE: Migrate is installed, version 3.0.0
adding proxy for Device
SEC7118: XMLHttpRequest for http://app.jpcomplex.com/appserver/?ios=1&username=&devid=1551073647241314 required Cross Origin Resource Sharing (CORS).
index.html
SEC7120: Origin http://localhost:8000 not found in Access-Control-Allow-Origin header.
index.html
SCRIPT7002: XMLHttpRequest: Network Error 0x80070005, Access is denied.
index.html
这是我的config.xml:
<?xml version='1.0' encoding='utf-8'?>
<widget id="io.cordova.hellocordova" version="1.0.0" xmlns="http://www.w3.org/ns/widgets" xmlns:cdv="http://cordova.apache.org/ns/1.0">
<name>HelloCordova</name>
<description>
A sample Apache Cordova application that responds to the deviceready event.
</description>
<author email="[email protected]" href="http://cordova.io">
Apache Cordova Team
</author>
<content src="index.html" />
<access origin="*" />
<allow-navigation href="http://app.jpcomplex.com/*" />
<allow-navigation href="*" />
<allow-navigation href="http://*/*" />
<allow-navigation href="https://*/*" />
<allow-navigation href="data:*" />
<allow-intent href="http://app.jpcomplex.com/*" />
<allow-intent href="*" />
<plugin name="cordova-plugin-x-toast" spec="^2.7.2" />
<plugin name="cordova-plugin-dialogs" spec="^2.0.1" />
<plugin name="cordova-plugin-nativestorage" spec="^2.3.2" />
<plugin name="cordova-plugin-device" spec="^2.0.2" />
<plugin name="cordova-plugin-whitelist" spec="^1.3.3" />
<engine name="browser" spec="^5.0.4" />
<engine name="android" spec="^7.1.4" />
<engine name="ios" spec="^4.5.5" />
</widget>
这是元标记:
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
这是我的ajax请求:
$.get("http://app.jpcomplex.com/appserver/",{ios:1,username:'test'},function(data){
alert(data);
});
我该怎么办呢?
我的meta CSP是
<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data: content:; connect-src *;">
我通常可以连接到我的端点,也许尝试删除/ * in
<allow-navigation href="http://app.jpcomplex.com" />
我刚看到这个
SEC7120:在Access-Control-Allow-Origin标头中找不到原点http://localhost:8000。
您需要在服务器上启用CORS(http://app.jpcomplex.com)。看看这个网站:http://enable-cors.org/
您需要做的就是向服务器添加HTTP标头:
Access-Control-Allow-Origin:http://localhost:8000或者,为简单起见:
Access-Control-Allow-Origin:*