
javascript - Cordova Content Security Policy when trying to get JSON data from an API

jquery-1.11.1.min.js:4 Refused to connect to 
'https://xxxxxxxx/v1/common/introductions/faqs' because it 
violates the following Content Security Policy directive: "default-src 
'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'". Note that 
'connect-src' was not explicitly set, so 'default-src' is used as a 
 fallback.

This is the error I get when I run this jQuery for my Cordova application

$(document).ready(function(){


        $("#FAQS").html("Hello worldss!");
        alert("rajesh");
        $.getJSON("https://xxxxxxxxx/v1/common/introductions/faqs",
        function(result)
        {
            $("#FAQS").html(result['faq'][0]);
            alert("hi");
        })

   });

This is the security policy in my index.html

<meta http-equiv="Content-Security-Policy" content="default-src 'self' 
data: gap: https://ssl.gstatic.com 'unsafe-eval'; connect-src 'self' 
https://xxxxxxxx/v1/common/introductions/faqs; style-src 'self' 
'unsafe-inline'; media-src *">

I followed many questions on Stack Overflow:
Cordova – Refused to connect to api from device (Content Security Policy)

But I am unable to display my JSON data, and the same error is shown

Solution:

Take a look at the following example from html5rocks

If you want to whitelist code from https://apis.google.com/js/plusone.js, you have to add the name of the origin host to the CSP like this

script-src 'self' https://apis.google.com

So, to allow access to https://xxxxxxxx/v1/common/introductions/faq, you have to add the name of the corresponding host to the CSP:

connect-src 'self' https://xxxxxxxx

The complete CSP might look like this:

<meta http-equiv="Content-Security-Policy" content="default-src 'self' 
data: gap: https://ssl.gstatic.com 'unsafe-eval'; connect-src 'self' 
https://xxxxxxxx; style-src 'self' 
'unsafe-inline'; media-src *">

See also Mozilla’s documentation on the connect-src directive. It states explicitly what a host source looks like:

Internet hosts by name or IP address, as well as an optional URL scheme and/or port number. The site’s address may include an optional
leading wildcard (the asterisk character, ‘*’), and you may use a
wildcard (again, ‘*’) as the port number, indicating that all legal
ports are valid for the source.
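
The fallback named in the error message and the host-source rules quoted above can be checked offline with a small evaluator. This is an added example, not part of the original question or answer, and it is a simplified matcher rather than a full CSP implementation; `api.example.com` and the `https://localhost` app origin are constructed placeholders.

```javascript
// Added example: simplified connect-src evaluation, not a full CSP Level 3 matcher.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

function parseCsp(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in directives)) directives[key] = sources; // first one wins
  }
  return directives;
}

function matchesSource(source, url, selfOrigin) {
  if (source === '*') return url.protocol in DEFAULT_PORTS; // simplified: http(s) only
  if (source === "'self'") return url.origin === selfOrigin;
  if (source.startsWith("'")) return false; // keywords such as 'unsafe-eval'
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)(?::(\d+|\*))?(\/.*)?$/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host, port, path] = m;
  // No scheme in the source: accept http/https only (simplification).
  if (scheme ? url.protocol !== scheme.toLowerCase() + ':' : !(url.protocol in DEFAULT_PORTS)) return false;
  const name = url.hostname.toLowerCase();
  const h = host.toLowerCase();
  if (wildcard ? !name.endsWith('.' + h) : name !== h) return false;
  // Without a port in the source, only the scheme's default port matches.
  const effectivePort = url.port || DEFAULT_PORTS[url.protocol];
  if (port !== '*' && (port || DEFAULT_PORTS[url.protocol]) !== effectivePort) return false;
  if (!path) return true; // host-only source covers every path on that host
  return path.endsWith('/') ? url.pathname.startsWith(path) : url.pathname === path;
}

function connectAllowed(policy, target, selfOrigin) {
  const d = parseCsp(policy);
  const sources = d['connect-src'] || d['default-src']; // the fallback from the error
  if (!sources) return true; // no applicable directive, nothing restricted
  const url = new URL(target);
  return sources.some((s) => matchesSource(s, url, selfOrigin));
}

// Constructed sample input modelled on the policies shown on this page.
const SELF = 'https://localhost'; // assumed origin of the app's WebView page
const BASE = "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'";
const FIXED = BASE + "; connect-src 'self' https://api.example.com; style-src 'self' 'unsafe-inline'; media-src *";
const API = 'https://api.example.com/v1/common/introductions/faqs';
console.log(connectAllowed(BASE, API, SELF));  // false
console.log(connectAllowed(FIXED, API, SELF)); // true
```
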
