WKWebview [警告] [已阻止] https://www.myurl.com上的页面不允许显示来自mycustomscheme：//？path = somepath的不安全内容 [英] WKWebview [Warning] [blocked] The page at https://www.myurl.com was not allowed to display insecure content from mycustomscheme://?path=somepath

问题描述

我最近在混合应用程序中将 UIWebview 替换为 WKWebview 。我正在使用自定义方案从Apple的推荐位置从应用程序的本机部分加载图像：
https://developer.apple.com/videos/play/wwdc2017/220/

I've recently replaced my UIWebview to a WKWebview in my hybrid app. I'm using a custom scheme to load images from the native part of the app as it's recommended by Apple here: https://developer.apple.com/videos/play/wwdc2017/220/

我正在加载来自网址的图片看起来像 mycustomscheme：//？path = somepath

I'm loading the images from a url that look like mycustomscheme://?path=somepath

我添加了Content-包含混合内容的Security-Policy标头，看起来像这样（删除了不相关的部分）：

I've added Content-Security-Policy header to allow for the mixed content, and it looks like this (irrelevant parts were removed):

Content-Security-Policy: default-src 'self' www.myurl.com ; img-src 'self' mycustomscheme: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; report-uri https://www.myreporturl.com/

这适用于大多数设备，请求 mycustomscheme 进行处理，如果阻止任何内容，请报告给 myreporturl 。但是，在某些设备上，自定义请求被阻止，并出现以下错误：
[警告] [被阻止] https://www.myurl.com上的页面不允许显示来自以下位置的不安全内容： mycustomscheme：//？path = somepath 并且没有报告发送到 myreporturl ，就好像根本没有加载标头一样。

This works for most devices and lets the request to mycustomscheme go through, and report to myreporturl if anything was blocked. However, on some devices the custom requests are blocked with this error: [Warning] [blocked] The page at https://www.myurl.com was not allowed to display insecure content from mycustomscheme://?path=somepath and no report is being sent to myreporturl, as if the header was not loaded at all.

我已经确认标头实际上已发送，并且有问题的设备正在运行最新的iOS（12.1.4）。

I've confirms that the header is actually sent, and that the problematic devices are running the latest iOS (12.1.4).

关于如何防止我的自定义请求被阻止的任何建议将不胜感激！

Any advice on how to prevent my custom requests from getting blocked would be much appreciated!

推荐答案

尝试以下操作来加载图像策略：

Try the following for loading image policy:

img-src 'self' 'unsafe-inline' 'unsafe-eval' data: http: https: mycustomscheme: filesystem: file:;

这篇关于WKWebview [警告] [已阻止] https://www.myurl.com上的页面不允许显示来自mycustomscheme：//？path = somepath的不安全内容的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！