问题
I have a Cordova app and after upgrading (5.0.0) it I'm unable to call any resource at all. I've added the whitelist plugin and added the following tag to index.html
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.azure-mobile.net localhost:1337 *.ajax.aspnetcdn.com">
I got the following errors:
Refused to load the script 'http://ajax.aspnetcdn.com/ajax/mobileservices/MobileServices.Web-1.2.5.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.azure-mobile.net localhost:1337 *.ajax.aspnetcdn.com".
Refused to load the script 'http://localhost:1337/vorlon.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.azure-mobile.net localhost:1337 *.ajax.aspnetcdn.com".
I've tried with the default policy that should allow everything, but still no luck.
I've also added the following to my config.xml file
<access origin="*" />
<allow-navigation href="*" />
and using the following plugins:
C:\Projects\TavlaApp>cordova plugin
com.microsoft.azure-mobile-services 1.2.7 "Windows Azure Mobile Services"
cordova-plugin-whitelist 1.0.1-dev "Whitelist"
nl.x-services.plugins.calendar 4.3.4 "Calendar"
nl.x-services.plugins.insomnia 4.0.1 "Insomnia (prevent screen sleep)"
org.apache.cordova.inappbrowser 0.6.0 "InAppBrowser"
Any idea's what to try?
回答1:
Wildcards are accepted, but only as a scheme, a port, or in the leftmost position of the hostname:
*://*.example.com:*
...this would match all subdomains of example.com (but not example.com itself), using any scheme, on any port.
The key here, for you, might be the part in bold above.
You're specifying:
localhost:1337
*.ajax.aspnetcdn.com
But yet calling
http://ajax.aspnetcdn.com
http://localhost:1337
Maybe change to
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.azure-mobile.net http://localhost:1337 http://ajax.aspnetcdn.com">
I'm specifying port, but you could replace "http" with *
Hopefully this helps, or leads you in right direction.
回答2:
It seems like there was something wrong with my plugin/platform.
I did a remove of all plugins
cordova platform rm android
cordova platform add android
Then readded the plugins, and everything works.
回答3:
I got this issue while trying to install cordova-plugins-whitelist for Cordova 5. Here is the install log:
Installing "cordova-plugin-whitelist" for android
This plugin is only applicable for versions of cordova-android greater than 4.0. If you have a previous platform version, you do *not* need this plugin since the whitelist will be built in.
As we can see, this plugin is no longer necessary in Cordova v5!!
来源:https://stackoverflow.com/questions/30172654/cordova-content-security-policy