$.ajax POST returning “status”:403,“statusText”:“Forbidden” cordova android

问题

I am developing Android phonegap application with jquery.mobile-1.4.3.js and cordova.3.5.0.

i am calling $ajax for web service. below is a code snippet.

 $.ajax({
        type: 'POST',
        data: LoginData,
        crossDomain:true,
        dataType : 'json',
        timeout: 50000,
        url: 'https://dsp-wasatchtechies.cloud.dreamfactory.com/rest/user/session?app_name=XXXXX',
        success: function(data) {


            console.log(' SESSION' + JSON.stringify(data));

        },
        error: function(data) {

            //ActivityIndicator.hide();
            console.log('ERROR : SESSION' + JSON.stringify(data));
            //ShowAlertMessage('There was an error while SESSION');
        }
    });

It was works perfectly but now its responding:

  [INFO:CONSOLE(155)] "ERROR SESSION{"readyState":4,"responseText":"","status":403,"statusText":"Forbidden"}", source: file:///android_asset/www/js/index.js (155)

what is wrong this code ? why it is not working ? any help, suggestion will be appreciated

thank you in advance.

回答1:

1. ensure the server code returns a CORS header granting access from other sites:

eg: header('Access-Control-Allow-Origin: *');

2. ensure "ModSecurity" is disabled on your server (if you have cPanel access you should be able to do that via cPanel / Security or something like that)

3. ensure you have the cordova whitelist plugin installed (use the "legacy" plugin for cordova pre v5.0.0):

   $ cordova plugin add cordova-plugin-legacy-whitelist

4. setup a very open whitelist in your cordova config.xml:

   <allow-intent href="*" />

   <access origin="*" />

5. setup a Content Security Policy in your index.html:

   <meta http-equiv="Content-Security-Policy" content="default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; connect-src *; img-src *; style-src * 'unsafe-inline' ; media-src *;">

This makes everything WIDE open, whereas the point of cross-origin-domains, whitelisted URL request, and content security policies is to restrict cross-domain access. I'll leave it as an exercise to research and restrict the security down, after you get the thing working.

I hope this helps.

References:

https://github.com/apache/cordova-plugin-whitelist#content-security-policy https://cordova.apache.org/announcements/2015/04/21/plugins-release-and-move-to-npm.html http://content-security-policy.com/

回答2:

Do you have the domain you'r trying access on the allowed domains for your APP? You can set this on comfig.xml.

来源：https://stackoverflow.com/questions/28338435/ajax-post-returning-status403-statustextforbidden-cordova-android