如何在WinJS iframe中加载远程内容,同时避免SEC7117错误? [英] How can I load remote content in a WinJS iframe whilst avoiding SEC7117 errors?
问题描述
我正在尝试将现有的网络应用移植到Windows Phone 8.1(以及之后的Windows 8.1)。这不是静态内容,这是一个带有大量客户端功能的动态页面。
I'm trying to port an existing web app to Windows Phone 8.1 (and later, to Windows 8.1). This is not static content, this is a dynamic page with loads of client-side functionality.
我的 default.html 文件有< iframe src =https://remote.example.com/app.html>< / iframe> 。
iframe中的内容在模拟器中工作,并且在该初始HTML中直接引用的资源似乎有效。但是,我的网络应用程序却触发了以下几个错误:
The content in the iframe works in the emulator, and resources that are directly referenced in that initial HTML seems to work. However, my web app but triggers several errors like this:
SEC7117:网络请求 https://cdn.remote.example.com/extra.js 没有成功。
您的应用程序清单未声明以下功能:internetClient privateNetworkClientServer
SEC7117: Network request to https://cdn.remote.example.com/extra.js did not succeed. Your application manifest does not declare the following capabilities: internetClient privateNetworkClientServer
我得到类似的错误 https://cdnjs.cloudflare.com/ ...和 https://example.cloudfront.net/ ...
I get similar errors for https://cdnjs.cloudflare.com/... and https://example.cloudfront.net/...
仿真器只是善良,这些资源不会一旦应用程序在真实设备上运行,就可以正常工作。
The emulator is just being kind, these resources won't work at all once the app is running on a real device.
我的 package.appxmanifest 文件包括以下内容:
My package.appxmanifest file includes the following:
<ApplicationContentUriRules>
<Rule Match="https://remote.example.com/" Type="include" />
<Rule Match="https://cdnjs.cloudflare.com/" Type="include" />
<Rule Match="https://example.cloudfront.net/" Type="include" />
<Rule Match="https://cdn.remote.example.com/" Type="include" />
</ApplicationContentUriRules>
...
<Capabilities>
<Capability Name="internetClientServer" />
<Capability Name="picturesLibrary" />
<Capability Name="internetClient" />
<Capability Name="privateNetworkClientServer" />
<DeviceCapability Name="location" />
<DeviceCapability Name="webcam" />
</Capabilities>
为什么会发生这些SEC7117错误?我尝试使用< x-ms-webview>< / x-ms-webview> 元素而不是iframe,但后来使用了许多Web平台API (例如HTML5 GeoLocation)停止工作,微软自己的指导似乎使用MSWebView来获取静态内容。
Why are these SEC7117 errors happening? I've tried using the <x-ms-webview></x-ms-webview> element instead of an iframe, but then many of the Web Platform APIs (e.g. HTML5 GeoLocation) stop working, and Microsoft's own guidance seems to use MSWebView for static content.
出于安全考虑,我真的宁愿执行我的网络应用程序在Web上下文中,并使用 postMessage 来执行类似app的活动(这部分正在运行)。通过这样直接从主机获取内容,我可以更新Windows Phone应用程序的这一部分,而无需通过市场推送更新。
For security purposes, I'd really rather that my web app be executed in the "web context", and use postMessage to perform app-like activities (and this part is working). And by sourcing the content directly from the host like this, I can update this part of the Windows Phone app without needing to push updates through the Marketplace.
我有什么东西吗?我失踪了?我使用了错误的元素吗?其他人如何为Windows Phone 8.1包装现有的Web应用程序?
Is there something I'm missing? Am I using the wrong element? How are other people wrapping existing web apps for Windows Phone 8.1?
推荐答案
这很可能是由iframe安全模型引起的。
This is mostly likely caused by the iframe security model.
在上下文的功能和限制该表列出了在Web上下文中禁用的跨域XHR请求(根据开发安全应用程序由iframe加载的远程Web内容始终加载到网络上下文)。
At Features and restrictions by context the table lists Cross-domain XHR requests as being disabled in the web context (which, according to Developing secure apps "remote web content loaded by an iframe is always loaded in the web context").
如果您通过XHR加载内容,您将被阻止。
If you are loading the content via XHR, you will be blocked.
你可以调查方法,使用postMessage在Local上下文中获取数据,然后将其传递回Web上下文。
You can investigate methods, using postMessage to fetch data in the Local context and then pass it back into the Web context.
这篇关于如何在WinJS iframe中加载远程内容,同时避免SEC7117错误?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
