Cordova内容安全策略 [英] Cordova Content Security Policy

问题描述

我有一个Cordova应用程式，升级后（5.0.0），我无法呼叫任何资源。我已添加白名单插件，并将以下标记添加到index.html

 < meta http-equiv = Security-Policycontent =default-src *; style-src'self''unsafe-inline'; script-src'self''unsafe-inline''unsafe-eval'* .azure-mobile.net localhost：1337 * .ajax.aspnetcdn.com> 
  

我遇到以下错误：

拒绝载入脚本 http：// ajax .aspnetcdn.com / ajax / mobileservices / MobileServices.Web-1.2.5.min.js ，因为它违反了以下内容安全策略指令：script-src'self''unsafe-inline''unsafe-

拒绝加载脚本'http://localhost:1337/vorlon.js ，因为它违反了以下内容安全策略指示：script-src'self''unsafe-inline''unsafe -eval'* .azure-mobile.net localhost：1337 * .ajax.aspnetcdn.com。

我还在config.xml文件中添加了以下内容

 < access origin =*/> 
< allow-navigation href =*/> 
  

并使用以下插件：

  C：\Projects\TavlaApp> cordova插件
 com.microsoft.azure-mobile-services 1.2.7Windows Azure移动服务
 cordova-plugin-白名单1.0.1-dev白名单
 nl.x-services.plugins.calendar 4.3.4日历
 nl.x-services.plugins.insomnia 4.0.1失眠（防止屏幕睡眠）
 org.apache.cordova.inappbrowser 0.6.0InAppBrowser
  

任何想法

解决方案

看起来我的插件/平台有问题。

我删除了所有的插件

  cordova平台rm android 
 cordova平台添加android 
  

然后重新插入插件，一切正常。

I have a Cordova app and after upgrading (5.0.0) it I'm unable to call any resource at all. I've added the whitelist plugin and added the following tag to index.html

<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.azure-mobile.net localhost:1337 *.ajax.aspnetcdn.com">

I got the following errors:

Refused to load the script 'http://ajax.aspnetcdn.com/ajax/mobileservices/MobileServices.Web-1.2.5.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.azure-mobile.net localhost:1337 *.ajax.aspnetcdn.com".

Refused to load the script 'http://localhost:1337/vorlon.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.azure-mobile.net localhost:1337 *.ajax.aspnetcdn.com".

I've tried with the default policy that should allow everything, but still no luck.

I've also added the following to my config.xml file

<access origin="*" />
<allow-navigation href="*" />

and using the following plugins:

C:\Projects\TavlaApp>cordova plugin
com.microsoft.azure-mobile-services 1.2.7 "Windows Azure Mobile Services"
cordova-plugin-whitelist 1.0.1-dev "Whitelist"
nl.x-services.plugins.calendar 4.3.4 "Calendar"
nl.x-services.plugins.insomnia 4.0.1 "Insomnia (prevent screen sleep)"
org.apache.cordova.inappbrowser 0.6.0 "InAppBrowser"

Any idea's what to try?

解决方案

It seems like there was something wrong with my plugin/platform.

I did a remove of all plugins

   cordova platform rm android
   cordova platform add android

Then readded the plugins, and everything works.

这篇关于Cordova内容安全策略的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！