$ .ajax POST返回“status”:403,“statusText”:“Forbidden” cordova android [英] $.ajax POST returning "status":403,"statusText":"Forbidden" cordova android
问题描述
我正在使用jquery.mobile-1.4.3.js和cordova.3.5.0开发Android phonegap应用程序。
我为web服务调用$ ajax。下面是一段代码片段。
$ .ajax({
type:'POST',
data:LoginData,
crossDomain:true,
dataType:'json',
timeout:50000,
url:'https://dsp-wasatchtechies.cloud.dreamfactory.com/rest/user/session? app_name = XXXXX',
success:function(data){
console.log('SESSION'+ JSON.stringify(data));
},
error:function(data){
//ActivityIndicator.hide();
console.log('ERROR:SESSION'+ JSON.stringify ));
// ShowAlertMessage('SESSION'时出现错误);
}
});
它完美工作,但现在响应:
[INFO:CONSOLE(155)]ERROR SESSION {readyState:4,responseText:,status:403,statusText:Forbidden },source:file:///android_asset/www/js/index.js(155)
这段代码出了什么问题?为什么它不工作?
- 确保服务器代码返回允许其他网站访问的CORS头:
eg:header('Access-Control-Allow-Origin:*');
-
确保您的服务器上已禁用ModSecurity有cPanel访问,你应该能够通过cPanel /安全或类似的方法)
-
确保您安装了cordova白名单插件plugin for cordova pre v5.0.0):
$ cordova插件add cordova-plugin-legacy-whitelist
-
在cordova config.xml中设置非常开放的白名单:
< allow-intent href =" *& />
< access origin =" *" />
=Content-Security-Policy content =" default-src *; script-src *'unsafe-eval''unsafe-inline'; connect-src *; img-src *; style-src *'unsafe-inline'; media-src *;>
这使得WIDE全部打开,域,列入白名单的URL请求和内容安全策略是限制跨域访问。
我希望这会有所帮助。
参考文献:
https://github.com/apache/cordova-plugin-whitelist#content-security-policy
https://cordova.apache.org/announcements/2015/04/21/plugins- release-and-move-to-npm.html
http:// content-security -policy.com/
I am developing Android phonegap application with jquery.mobile-1.4.3.js and cordova.3.5.0.
i am calling $ajax for web service. below is a code snippet.
$.ajax({
type: 'POST',
data: LoginData,
crossDomain:true,
dataType : 'json',
timeout: 50000,
url: 'https://dsp-wasatchtechies.cloud.dreamfactory.com/rest/user/session?app_name=XXXXX',
success: function(data) {
console.log(' SESSION' + JSON.stringify(data));
},
error: function(data) {
//ActivityIndicator.hide();
console.log('ERROR : SESSION' + JSON.stringify(data));
//ShowAlertMessage('There was an error while SESSION');
}
});
It was works perfectly but now its responding:
[INFO:CONSOLE(155)] "ERROR SESSION{"readyState":4,"responseText":"","status":403,"statusText":"Forbidden"}", source: file:///android_asset/www/js/index.js (155)
what is wrong this code ? why it is not working ? any help, suggestion will be appreciated
thank you in advance.
- ensure the server code returns a CORS header granting access from other sites:
eg: header('Access-Control-Allow-Origin: *');
ensure "ModSecurity" is disabled on your server (if you have cPanel access you should be able to do that via cPanel / Security or something like that)
ensure you have the cordova whitelist plugin installed (use the "legacy" plugin for cordova pre v5.0.0):
$ cordova plugin add cordova-plugin-legacy-whitelist
setup a very open whitelist in your cordova config.xml:
<allow-intent href="*" />
<access origin="*" />
setup a Content Security Policy in your index.html:
<meta http-equiv="Content-Security-Policy" content="default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; connect-src *; img-src *; style-src * 'unsafe-inline' ; media-src *;">
This makes everything WIDE open, whereas the point of cross-origin-domains, whitelisted URL request, and content security policies is to restrict cross-domain access. I'll leave it as an exercise to research and restrict the security down, after you get the thing working.
I hope this helps.
References:
https://github.com/apache/cordova-plugin-whitelist#content-security-policy https://cordova.apache.org/announcements/2015/04/21/plugins-release-and-move-to-npm.html http://content-security-policy.com/
这篇关于$ .ajax POST返回“status”:403,“statusText”:“Forbidden” cordova android的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!