403禁止从Cordova 5.0.0应用程序执行AJAX POST [英] 403 Forbidden doing AJAX POST from Cordova 5.0.0 app
问题描述
我有一个非常简单的Cordova应用程序试图执行一个AJAX POST。
I have a very simple Cordova app which attempts to do an AJAX POST.
请求的URL simple.php如下:
The requested URL, simple.php, looks like this :
<?php
header('Access-Control-Allow-Origin: *');
die ( json_encode ( array('result'=>'ok') ) );
?>
index.html正是这样:
index.html is exactly this :
<head>
<script src="jquery.js"></script>
<script>
$(document).ready( function() {
$.ajax(
{
type: 'POST',
url: 'http://drawonthe.net/simple.php',
contentType: 'text/plain',
xhrFields: {
withCredentials: false
},
success: function(res) {
alert('got this res : ');
alert(JSON.stringify(res));
},
error: function(err) {
alert('got this fail : ');
alert(JSON.stringify(err));
}
});
});
</script>
</head>
<body>
</body>
我的Cordova config.xml档案包括以下内容:
My Cordova config.xml file includes the following :
<content src="index.html" />
<access origin="*" />
<allow-intent href="*" />
<allow-navigation href="*" />
<access origin="content:///*" />
我的应用程式包含 cordova-plugin-whitelist plugin。
My app includes the cordova-plugin-whitelist plugin.
我已经在index.html中尝试过各种CSP,但没有很好的结果。例如
I've experimented with various CSPs in index.html, but with no good result. Eg.
<meta http-equiv="Content-Security-Policy" content="default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; connect-src *; img-src *; style-src * 'unsafe-inline' ; media-src *; ">
当我在本地访问这个HTML页面时(从file://),我得到 XMLHttpRequest无法加载http://drawonthe.net/simple.php。在所请求的资源上没有Access-Control-Allow-Origin头。因此,不允许原始null访问。该响应具有HTTP状态代码403。并返回 {readyState:0,status:0,statusText:error} 。
When I access this HTML page locally (from file://) I get XMLHttpRequest cannot load http://drawonthe.net/simple.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 403. and it returns {"readyState":0,"status":0,"statusText":"error"}.
当我通过托管在本地服务器上访问HTML页面时,它可以无投诉地运行。 (正确回应:{\result\:\ok\})
When I access the HTML page via being hosted on a local server it works without complaint. (The correct response: "{\"result\":\"ok\"}")
当我在Android或iOS设备上作为Cordova应用程序运行它时,我得到 {readyState:4,responseText:<!DOCTYPE HTML PUBLIC \ / IETF // DTD HTML 2.0 // EN> ... blah blah ... 403 Forbidden ...,status:403,statusText:Forbidden} 。
When I run it as a Cordova App on either an Android or an iOS device I get {"readyState":4, "responseText":"<!DOCTYPE HTML PUBLIC \" -//IETF//DTD HTML 2.0//EN\">... blah blah ... 403 Forbidden ... , "status":403, "statusText": "Forbidden"}.
发生了什么?
如何使这个请求通过手机应用程序工作?
What's going on? And how do I make this request work from the phone app?
推荐答案
当我停用我的服务器上的ModSecurity 时,此问题已解决。
This issue was resolved when I disabled ModSecurity on my server.
能够通过cPanel访问我的主机:
For me, I was able to do that via the cPanel access to my host:
cPanel>安全> ModSecurity
cPanel > Security > ModSecurity
这有助于其他人。
谢谢@jcesarmobile指出问题必须与服务器。
I hope this helps others.
Thank you @jcesarmobile for pointing out the problem had to be with the server.
这篇关于403禁止从Cordova 5.0.0应用程序执行AJAX POST的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
