$.ajax POST 返回“状态":403,“状态文本":“禁止"科尔多瓦机器人 [英] $.ajax POST returning "status":403,"statusText":"Forbidden" cordova android
问题描述
我正在使用 jquery.mobile-1.4.3.js 和 cordova.3.5.0 开发 Android phonegap 应用程序.
我正在为 Web 服务调用 $ajax.下面是一个代码片段.
$.ajax({类型:'POST',数据:登录数据,跨域:真,数据类型:'json',超时:50000,url: 'https://dsp-wasatchtechies.cloud.dreamfactory.com/rest/user/session?app_name=XXXXX',成功:功能(数据){console.log('会话' + JSON.stringify(data));},错误:函数(数据){//ActivityIndicator.hide();console.log('ERROR : SESSION' + JSON.stringify(data));//ShowAlertMessage('SESSION 时出现错误');}});
它运行良好,但现在它的响应:
[INFO:CONSOLE(155)] "ERROR SESSION{"readyState":4,"responseText":"","status":403,"statusText":"Forbidden"}", source: file:///android_asset/www/js/index.js (155)
这段代码有什么问题?为什么它不起作用?任何帮助,建议将不胜感激
先谢谢你.
- 确保服务器代码返回一个 CORS 标头,授予其他站点的访问权限:
<块引用>
eg: header('Access-Control-Allow-Origin: *');
确保在您的服务器上禁用了ModSecurity"(如果您有 cPanel 访问权限,您应该能够通过 cPanel/Security 或类似的东西来做到这一点)
确保您安装了cordova白名单插件(使用cordova pre v5.0.0的legacy"插件):
$cordova 插件添加cordova-plugin-legacy-whitelist
在您的cordova config.xml 中设置一个非常开放的白名单:
<访问源=*"/>
在您的 index.html 中设置内容安全策略:
这使所有内容都 WIDE 开放,而跨域、白名单 URL 请求和内容安全策略的重点是限制跨域访问.在你开始工作后,我会把它作为一个练习来研究和限制安全性.
我希望这会有所帮助.
参考文献:
https://github.com/apache/cordova-plugin-白名单#content-security-policyhttps://cordova.apache.org/announcements/2015/04/21/plugins-release-and-move-to-npm.htmlhttp://content-security-policy.com/
I am developing Android phonegap application with jquery.mobile-1.4.3.js and cordova.3.5.0.
i am calling $ajax for web service. below is a code snippet.
$.ajax({
type: 'POST',
data: LoginData,
crossDomain:true,
dataType : 'json',
timeout: 50000,
url: 'https://dsp-wasatchtechies.cloud.dreamfactory.com/rest/user/session?app_name=XXXXX',
success: function(data) {
console.log(' SESSION' + JSON.stringify(data));
},
error: function(data) {
//ActivityIndicator.hide();
console.log('ERROR : SESSION' + JSON.stringify(data));
//ShowAlertMessage('There was an error while SESSION');
}
});
It was works perfectly but now its responding:
[INFO:CONSOLE(155)] "ERROR SESSION{"readyState":4,"responseText":"","status":403,"statusText":"Forbidden"}", source: file:///android_asset/www/js/index.js (155)
what is wrong this code ? why it is not working ? any help, suggestion will be appreciated
thank you in advance.
- ensure the server code returns a CORS header granting access from other sites:
eg: header('Access-Control-Allow-Origin: *');
ensure "ModSecurity" is disabled on your server (if you have cPanel access you should be able to do that via cPanel / Security or something like that)
ensure you have the cordova whitelist plugin installed (use the "legacy" plugin for cordova pre v5.0.0):
$ cordova plugin add cordova-plugin-legacy-whitelist
setup a very open whitelist in your cordova config.xml:
<allow-intent href="*" />
<access origin="*" />
setup a Content Security Policy in your index.html:
<meta http-equiv="Content-Security-Policy" content="default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; connect-src *; img-src *; style-src * 'unsafe-inline' ; media-src *;">
This makes everything WIDE open, whereas the point of cross-origin-domains, whitelisted URL request, and content security policies is to restrict cross-domain access. I'll leave it as an exercise to research and restrict the security down, after you get the thing working.
I hope this helps.
References:
https://github.com/apache/cordova-plugin-whitelist#content-security-policy https://cordova.apache.org/announcements/2015/04/21/plugins-release-and-move-to-npm.html http://content-security-policy.com/
这篇关于$.ajax POST 返回“状态":403,“状态文本":“禁止"科尔多瓦机器人的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!