[英]Cordova load external content from server
There are many (nearly) similar questions, but none of them solved my issue.有很多(几乎)类似的问题,但没有一个解决了我的问题。
I'm writing a cordova app (currently only testing on andoid and ios), and want to load data (in JSON-format) from my webserver.我正在编写一个cordova 应用程序(目前仅在andoid 和ios 上进行测试),并且想要从我的网络服务器加载数据(以JSON 格式)。 I use jQuerys $.ajax
- method for that.我使用 jQuerys $.ajax
- 方法。
My code so far:到目前为止我的代码:
$.support.cors = true;
var ret = -1;
$.ajax(url, {
traditional: true,
type: 'POST',
url: url,
contentType: 'text/plain',
xhrFields: {
withCredentials: false
},
data: dataString,
success: function (data) {
alert('Data recieved:');
alert(data);
ret = data;
},
error: function (xhr, ajaxOptions, error) {
alert('There was an error');
alert(error);
alert(xhr.status);
}
});
return ret;
This works on browsers (tested in latest Firefox), but not in the app.这适用于浏览器(在最新的 Firefox 中测试),但不适用于应用程序。 The error seems to be about cross origin page loading.该错误似乎与跨源页面加载有关。
My config.xml looks like this:我的 config.xml 看起来像这样:
...
<plugin name="cordova-plugin-whitelist" spec="1" />
<access origin="*" />
...
The server is accepting cors-requests via header (otherwise it probably wouldn't work in the browser):服务器通过标头接受 cors 请求(否则它可能无法在浏览器中工作):
<?php
header('Access-Control-Allow-Origin: *');
...
but stil: cordova doesn't want to load anything.但仍然:cordova 不想加载任何东西。 The alert(error);
alert(error);
- line shows this: - 行显示:
SecurityError: Failed to execute 'open' on 'XMLHttpRequest': Refused to connect to ' https://myHost.com/?someparams=foo ' because it violates the document's Content Security Policy SecurityError: Failed to execute 'open' on 'XMLHttpRequest': Refused to connect to ' https://myHost.com/?someparams=foo ' 因为它违反了文档的内容安全策略
What problem has cordova with this?科尔多瓦对此有什么问题?
You might have to set the Content Security Policy in index.html to allow for requests towards the domain hosting your services.您可能必须在 index.html 中设置内容安全策略,以允许向托管您的服务的域发出请求。
<meta http-equiv="Content-Security-Policy" content="default-src 'self' <enter-your-domain-here> data: gap: https://ssl.gstatic.com;">
The readme of cordova-plugin-whitelist has more examples. cordova-plugin-whitelist的 readme 有更多的例子。
More info about the Content Security Policy meta tag can be found here .可以在此处找到有关内容安全策略元标记的更多信息。
Based on the answer of @toskv
.基于@toskv
的回答。 Check if your HTML-Pages in Cordova include following meta-tag: <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">
.检查您在 Cordova 中的 HTML 页面是否包含以下元标记: <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">
。 The meta-tag is added by Cordova by default and prevents CORS from working (as you can see only self
is allowed for default-src
).默认情况下,元标记由 Cordova 添加并阻止 CORS 工作(如您所见, default-src
仅允许self
)。
Use the links from @toskv
to learn more.使用来自@toskv
的链接了解更多信息。
The readme of cordova-plugin-whitelist has more examples. cordova-plugin-whitelist的 readme 有更多的例子。
More info about the Content Security Policy meta tag can be found here .可以在此处找到有关内容安全策略元标记的更多信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.