[英]403 Forbidden doing AJAX POST from Cordova 5.0.0 app
I have a very simple Cordova app which attempts to do an AJAX POST. 我有一个非常简单的Cordova应用程序,它尝试执行AJAX POST。
The requested URL, simple.php, looks like this : 请求的URL simple.php看起来像这样:
<?php
header('Access-Control-Allow-Origin: *');
die ( json_encode ( array('result'=>'ok') ) );
?>
index.html is exactly this : index.html就是这样:
<head>
<script src="jquery.js"></script>
<script>
$(document).ready( function() {
$.ajax(
{
type: 'POST',
url: 'http://drawonthe.net/simple.php',
contentType: 'text/plain',
xhrFields: {
withCredentials: false
},
success: function(res) {
alert('got this res : ');
alert(JSON.stringify(res));
},
error: function(err) {
alert('got this fail : ');
alert(JSON.stringify(err));
}
});
});
</script>
</head>
<body>
</body>
My Cordova config.xml file includes the following : 我的Cordova config.xml文件包括以下内容:
<content src="index.html" />
<access origin="*" />
<allow-intent href="*" />
<allow-navigation href="*" />
<access origin="content:///*" />
My app includes the cordova-plugin-whitelist
plugin. 我的应用程序包括cordova-plugin-whitelist
插件。
I've experimented with various CSPs in index.html, but with no good result. 我已经在index.html中尝试了各种CSP,但是效果不佳。 Eg. 例如。
<meta http-equiv="Content-Security-Policy" content="default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; connect-src *; img-src *; style-src * 'unsafe-inline' ; media-src *; ">
When I access this HTML page locally (from file://) I get XMLHttpRequest cannot load http://drawonthe.net/simple.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 403.
当我从文件://本地访问此HTML页面时,我得到XMLHttpRequest cannot load http://drawonthe.net/simple.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 403.
XMLHttpRequest cannot load http://drawonthe.net/simple.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 403.
XMLHttpRequest cannot load http://drawonthe.net/simple.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 403.
and it returns {"readyState":0,"status":0,"statusText":"error"}
. XMLHttpRequest cannot load http://drawonthe.net/simple.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 403.
返回{"readyState":0,"status":0,"statusText":"error"}
。
When I access the HTML page via being hosted on a local server it works without complaint. 当我通过托管在本地服务器上访问HTML页面时,它可以正常工作而不会产生投诉。 (The correct response: "{\\"result\\":\\"ok\\"}"
) (正确的响应: "{\\"result\\":\\"ok\\"}"
)
When I run it as a Cordova App on either an Android or an iOS device I get {"readyState":4, "responseText":"<!DOCTYPE HTML PUBLIC \\" -//IETF//DTD HTML 2.0//EN\\">... blah blah ... 403 Forbidden ... , "status":403, "statusText": "Forbidden"}
. 当我在Android或iOS设备上将其作为Cordova应用程序运行时,我得到{"readyState":4, "responseText":"<!DOCTYPE HTML PUBLIC \\" -//IETF//DTD HTML 2.0//EN\\">... blah blah ... 403 Forbidden ... , "status":403, "statusText": "Forbidden"}
。
What's going on? 这是怎么回事? And how do I make this request work from the phone app? 以及如何通过电话应用程序使此请求生效?
This issue was resolved when I disabled ModSecurity on my server . 当我在服务器上禁用ModSecurity时,此问题已解决。
For me, I was able to do that via the cPanel access to my host: 对我来说,我可以通过对主机的cPanel访问来做到这一点:
cPanel > Security > ModSecurity cPanel>安全性> ModSecurity
I hope this helps others. 我希望这对其他人有帮助。
Thank you @jcesarmobile for pointing out the problem had to be with the server. 感谢@jcesarmobile指出问题必须出在服务器上。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.