本文介绍了Cordova 内容安全策略的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个 Cordova 应用程序,在升级 (5.0.0) 后,我根本无法调用任何资源.我已经添加了白名单插件并将以下标签添加到 index.html

I have a Cordova app and after upgrading (5.0.0) it I'm unable to call any resource at all. I've added the whitelist plugin and added the following tag to index.html

<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.azure-mobile.net localhost:1337 *.ajax.aspnetcdn.com">

我收到以下错误:

拒绝加载脚本'http://ajax.aspnetcdn.com/ajax/mobileservices/MobileServices.Web-1.2.5.min.js' 因为它违反了以下内容安全策略指令:script-src 'self' 'unsafe-inline' 'unsafe-eval' *.azure-mobile.net 本地主机:1337 *.ajax.aspnetcdn.com".

拒绝加载脚本'http://localhost:1337/vorlon.js' 因为它违反了以下内容安全策略指令:script-src 'self' 'unsafe-inline' 'unsafe-eval' *.azure-mobile.net localhost:1337 *.ajax.aspnetcdn.com".

Refused to load the script 'http://localhost:1337/vorlon.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.azure-mobile.net localhost:1337 *.ajax.aspnetcdn.com".

我已经尝试使用应该允许一切的默认策略,但仍然没有运气.

I've tried with the default policy that should allow everything, but still no luck.

我还在我的 config.xml 文件中添加了以下内容

I've also added the following to my config.xml file

<access origin="*" />
<allow-navigation href="*" />

并使用以下插件:

C:ProjectsTavlaApp>cordova plugin
com.microsoft.azure-mobile-services 1.2.7 "Windows Azure Mobile Services"
cordova-plugin-whitelist 1.0.1-dev "Whitelist"
nl.x-services.plugins.calendar 4.3.4 "Calendar"
nl.x-services.plugins.insomnia 4.0.1 "Insomnia (prevent screen sleep)"
org.apache.cordova.inappbrowser 0.6.0 "InAppBrowser"

知道要尝试什么吗?

推荐答案

我的插件/平台似乎有问题.

It seems like there was something wrong with my plugin/platform.

我删除了所有插件

   cordova platform rm android
   cordova platform add android

然后阅读插件,一切正常.

Then readded the plugins, and everything works.

这篇关于Cordova 内容安全策略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-22 11:41
查看更多