[英]No Content-Security-Policy meta tag found error
我正在离子框架中构建我的应用程序。 我已经安装了cordova白名单插件,以下是我的config.xml,但仍然出现错误
I/chromium( 2446): [INFO:CONSOLE(173)] "No Content-Security-Policy meta tag found.
Please add one when using the cordova-plugin-whitelist plugin.", source:
file:///android_asset/www/plugins/cordova-plugin-console/www/console-via-logger.js (173)
我的config.xml是
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<widget id="com.ionicframework.public279104" version="0.0.1" xmlns="http://www.w3.org/ns/widgets" xmlns:cdv="http://cordova.apache.org/ns/1.0">
<name>public</name>
<description>
An Ionic Framework and Cordova project.
</description>
<author email="hi@ionicframework" href="http://ionicframework.com/">
Ionic Framework Team
</author>
<content src="index.html"/>
<!-- <allow-navigation href="*" /> -->
<allow-navigation href="http://*/*" />
<allow-navigation href="https://*/*" />
<allow-navigation href="data:*" />
<allow-intent href="*" />
<access origin="*"/>
<preference name="webviewbounce" value="false"/>
<preference name="UIWebViewBounce" value="false"/>
<preference name="DisallowOverscroll" value="true"/>
<preference name="android-minSdkVersion" value="16"/>
<preference name="BackupWebStorage" value="none"/>
<preference name="SplashScreen" value="screen"/>
<preference name="SplashScreenDelay" value="3000"/>
<feature name="StatusBar">
<param name="ios-package" value="CDVStatusBar" onload="true"/>
</feature>
<platform name="android">
<icon src="resources/android/icon/drawable-ldpi-icon.png" density="ldpi"/>
<icon src="resources/android/icon/drawable-mdpi-icon.png" density="mdpi"/>
<icon src="resources/android/icon/drawable-hdpi-icon.png" density="hdpi"/>
<icon src="resources/android/icon/drawable-xhdpi-icon.png" density="xhdpi"/>
<icon src="resources/android/icon/drawable-xxhdpi-icon.png" density="xxhdpi"/>
<icon src="resources/android/icon/drawable-xxxhdpi-icon.png" density="xxxhdpi"/>
<splash src="resources/android/splash/drawable-land-ldpi-screen.png" density="land-ldpi"/>
<splash src="resources/android/splash/drawable-land-mdpi-screen.png" density="land-mdpi"/>
<splash src="resources/android/splash/drawable-land-hdpi-screen.png" density="land-hdpi"/>
<splash src="resources/android/splash/drawable-land-xhdpi-screen.png" density="land-xhdpi"/>
<splash src="resources/android/splash/drawable-land-xxhdpi-screen.png" density="land-xxhdpi"/>
<splash src="resources/android/splash/drawable-land-xxxhdpi-screen.png" density="land-xxxhdpi"/>
<splash src="resources/android/splash/drawable-port-ldpi-screen.png" density="port-ldpi"/>
<splash src="resources/android/splash/drawable-port-mdpi-screen.png" density="port-mdpi"/>
<splash src="resources/android/splash/drawable-port-hdpi-screen.png" density="port-hdpi"/>
<splash src="resources/android/splash/drawable-port-xhdpi-screen.png" density="port-xhdpi"/>
<splash src="resources/android/splash/drawable-port-xxhdpi-screen.png" density="port-xxhdpi"/>
<splash src="resources/android/splash/drawable-port-xxxhdpi-screen.png" density="port-xxxhdpi"/>
</platform>
</widget>
为什么会这样呢? 我的应用也经常崩溃,并显示消息“很遗憾,您的应用停止了工作”
白名单可以允许/禁止网络的请求到/从从中科尔多瓦提供(web视图某些协议(例如,HTTP / HTTPS) UIWebView iOS和WebView为Android)。
但是,它不能过滤所有类型的请求(例如<video> , <media> ,套接字),因此需要Content-Security-Policy进行过滤。
这是通过HTML文件中的meta标记控制的:
<!-- Good default declaration:
* gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
* https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
* Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
* Enable inline JS: add 'unsafe-inline' to default-src
* Enable eval(): add 'unsafe-eval' to default-src
-->
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
<!-- Allow requests to foo.com -->
<meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
<!-- Enable all requests, inline styles, and eval() -->
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
<!-- Allow XHRs via https only -->
<meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
<!-- Allow iframe to https://cordova.apache.org/ -->
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
更多信息: https : //github.com/apache/cordova-plugin-whitelist
编辑:关于您的应用程序为什么继续崩溃的问题,我无法确定提供的信息的原因,因此我需要更多信息。
它与Content-Security-Policy无关。
也许一些Android / iOS日志会有所帮助。
流星错误:找不到Content-Security-Policy元标记。 使用cordova-plugin-whitelist插件时,请添加一个
[英]Meteor error: No Content-Security-Policy meta tag found. Please add one when using the cordova-plugin-whitelist plugin
Phonegap错误 - “未找到Content-Security-Policy元标记。 使用cordova-plugin-whitelist插件时请添加一个。“
[英]Phonegap Error - “No Content-Security-Policy meta tag found. Please add one when using the cordova-plugin-whitelist plugin.”
未找到 Ionic Content-Security-Policy(但已包含)
[英]Ionic Content-Security-Policy not found (but is included)
Ionic2 / Cordova-未找到内容安全策略元标记。 使用cordova-plugin-whitelist插件时,请添加一个
[英]Ionic2/Cordova - No Content-Security-Policy meta tag found. Please add one when using the cordova-plugin-whitelist plugin
Cordova的内容安全策略不加载外部脚本和样式表(404错误)
[英]Content-Security-Policy for Cordova not loading external scripts and stylesheets (404 error)
来自 android_asset 的“Content-Security-Policy”、“frame-ancestors *”
[英]"Content-Security-Policy", "frame-ancestors *" from android_asset
http-equiv Content-Security-Policy 适用于浏览器但不适用于 android 设备 - IONIC
[英]http-equiv Content-Security-Policy works in browser but not on android device - IONIC
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.