VS2013 Cordova插件和Azure网站的X-Frame-Options标头问题
[英]VS2013 Cordova plugin and X-Frame-Options header issues with Azure websites
问题描述
Perhaps I am going about this wrong but here is the situation. 
也许我正在解决这个错误,但这是情况。
I have a web app that we made in c# mvc5 and AngularJS. 我有一个用c#mvc5和AngularJS制作的Web应用程序。 All of this works fine. 所有这些都很好。 We want to have native apps also, mostly to update our older ios and android apps to the new version. 我们还希望拥有本机应用程序,主要是将我们较旧的ios和android应用程序更新到新版本。
I installed the cordova tools for VS2013 and that seems to be working but we want to be able to call the same C# controllers to get the data in the native apps. 我安装了VS2013的cordova工具,该工具似乎可以正常工作,但我们希望能够调用相同的C#控制器来获取本机应用程序中的数据。
The issue I am having is that we are hosted on azure and they are forcing the X-Frame-Options header to 'SAMEORIGIN' even when I specifically clear or remove it using the web.config. 我遇到的问题是,我们托管在azure上,即使我使用web.config特别清除或删除了X-Frame-Options标头,它们也将其强制设置为“ SAMEORIGIN”。 The best I can get is for it to have both SAMEORIGIN and ALLOW_FROM myuri which is not going to work either. 我能得到的最好的结果是同时拥有SAMEORIGIN和ALLOW_FROM myuri,它们也不起作用。
I have tried to set the domain to the same value as our azure site in the cordova project but it says that is not a valid value. 我试图将域设置为与cordova项目中我们的azure站点相同的值,但是它说这不是有效值。
web.config web.config中
<customHeaders xdt:Transform="Replace">
<clear/>
<add name="X-Frame-Options" value="ALLOW-FROM myuri" />
</customHeaders>
I have tried this with and without the transform and in the standard config and the release/debug versions. 我已经尝试了是否进行转换,以及是否在标准配置和发行/调试版本中进行了转换。 I also used the remove syntax and that doesnt work either. 我还使用了remove语法,但也不起作用。 All of these result in the same result of both values existing. 所有这些都会导致两个值都存在相同的结果。 I can only guess that azure is trying to 'protect me from myself' 我只能猜到天青正试图“保护我自己不受保护”
I have also verified the domain in azure management tools, which is supposed to 'whitelist' it but that doesnt work either. 我还在azure管理工具中验证了该域,该域应该将其“列入白名单”,但这也不起作用。
here is the error that I get in VS: 这是我在VS中遇到的错误:
Refused to display 'http://myuri/Home' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
And this when I add ALLOW_FROM: 而这当我添加ALLOW_FROM时:
Multiple 'X-Frame-Options' headers with conflicting values ('SAMEORIGIN, ALLOW-FROM myuri') encountered when loading 'http://myuri/Home
1 个解决方案
解决方案1
0 2018-03-20 17:47:49
I went through the same problem. 我遇到了同样的问题。
According to the accepted answer of this thread , you have to whitelist the website you want to visit within your app in your config.xml, like this: 根据此线程的公认答案,您必须在config.xml中将要访问的网站列入白名单,如下所示:
<access origin="https://*.domain.fr" />
<allow-navigation href="https://*.domain.fr/*" />
Note that if you run your cordova app within cordova-simulate, this won't work. 请注意,如果您在cordova-simulate中运行cordova应用程序,则将无法使用。 To check whether it's working or not, you need to use cordova run and test it on your phone. 要检查其是否正常工作,您需要使用cordova run并在手机上对其进行测试。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.