移动应用上的同源策略 [英] Same origin policy on mobile apps

问题描述

我一直在研究这个问题，我找不到能满足我的答案。

I've been researching this issue and I can't find an answer that satisfies me.

我非常了解与申请相同的来源政策到标准网络浏览器中的网站。我开始使用jQuery的 .load 方法开发一个使用本地webview并在网站内容中加载的移动应用程序时出现了我的问题。通常在标准的Web浏览器中，我会得到XHR加载错误。

I'm very aware of the same origin policies as they apply to websites in a standard web browser. My question came up when I started developing a mobile app that uses the native webview and loading in site content with jQuery's .load method. Typically in a standard web browser I would get an XHR load error.

那么，有关原生应用和跨源策略的规则是什么？

So, what are the rules regarding native apps and cross origin policies?

推荐答案

Robot Woods绝对是在正确的轨道上。当处理本机应用程序时，您在某种意义上从file：//而不是从https：//请求。由于您不是通过HTTP协议发出请求，因此相同的规则不适用。从原生移动应用发出请求时，您应该向任何域发出请求，而不会出现任何问题。

Robot Woods is definitely on the right track. When dealing with a native application, you are in a sense making requests from file://, instead of from https://. Because you are not making a request across the HTTP protocol, the same rules do not apply. When making requests from your native mobile app, you should be to make requests to any domain without any problems.

您只需将域添加到PhoneGap中的白名单/ Cordova如果你将有整个页面替换您的正常内容在webview，通常不会发生（你通常只是请求数据从你的服务器，而不是做一个window.location更改）。

You only need to add the domain to the whitelist in PhoneGap/Cordova if you will be having that entire page replace your normal content in the webview, which normally doesn't happen (you normally are just requesting data in chunks from your server, instead of doing a window.location change).

这篇关于移动应用上的同源策略的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！