由于违反内容安全策略而拒绝连接到 URL
Refused to connect to URL because of violation of Content Security Policy
这是我的控制台中的错误:
这是元的实际代码:
<meta http-equiv="Content-Security-Policy" content="connect-src 'self' data: gap: https://ssl.gstatic.com ; style-src 'self' 'unsafe-inline'; media-src *">
我正在用 cordova 开发 android 应用程序。我正在尝试从照片中的划痕 URL 中检索数据。这是 index.html
html>
<head>
<body>
<div role="main" class="ui-content">
<div class="app">
<h1>Apache Cordova</h1>
<div id="deviceready" class="blink">
<p class="event listening">Connecting to Device</p>
<p class="event received">Device is Ready</p>
</div>
</div>
这是 index.js
var app = {
// Application Constructor
initialize: function() {
this.bindEvents();
},
// Bind Event Listeners
//
// Bind any events that are required on startup. Common events are:
// 'load', 'deviceready', 'offline', and 'online'.
bindEvents: function() {
document.addEventListener('deviceready', this.onDeviceReady, false);
document.addEventListener('loadcities', this.onDeviceReady, false);
},
// deviceready Event Handler
//
// The scope of 'this' is the event. In order to call the 'receivedEvent'
// function, we must explicitly call 'app.receivedEvent(...);'
onDeviceReady: function() {
app.receivedEvent('deviceready');
app.receivedEvent('loadcities');
},
// Update DOM on a Received Event
receivedEvent: function(id) {
if (id === 'deviceready') {
var parentElement = document.getElementById(id);
var listeningElement = parentElement.querySelector('.listening');
var receivedElement = parentElement.querySelector('.received');
listeningElement.setAttribute('style', 'display:none;');
receivedElement.setAttribute('style', 'display:block;');
console.log('Received Event: ' + id);}
else if (id === 'loadcities') {
var url = "http://uiiuh"
$.getJSON(url).done(function(response){
if(!response.length){
console.warn("Empty list of cities");
}
config.cities = response;
$('body').trigger('city-data');
}).fail(function(data, status, error){
console.error("Something went wrong retrieving the cities via API")
});
}
}
};
app.initialize();
我现在只想在控制台中显示检索到的数据。
内容安全策略将 connect-src 限制为 self、data:、gap:(这是 Cordova 的东西吗?)和 https://ssl.gstatic.com — 这意味着任何从 URL 加载资源但与其中一个不匹配的尝试都将被阻止。
由于脚本试图从 http://uiiuh 加载 JSON 数据,因此被阻止;您需要将 http://uiiuh 添加到 CSP 规则中允许的来源列表中。
这是我的控制台中的错误:
这是元的实际代码:
<meta http-equiv="Content-Security-Policy" content="connect-src 'self' data: gap: https://ssl.gstatic.com ; style-src 'self' 'unsafe-inline'; media-src *">
我正在用 cordova 开发 android 应用程序。我正在尝试从照片中的划痕 URL 中检索数据。这是 index.html
html>
<head>
<body>
<div role="main" class="ui-content">
<div class="app">
<h1>Apache Cordova</h1>
<div id="deviceready" class="blink">
<p class="event listening">Connecting to Device</p>
<p class="event received">Device is Ready</p>
</div>
</div>
这是 index.js
var app = {
// Application Constructor
initialize: function() {
this.bindEvents();
},
// Bind Event Listeners
//
// Bind any events that are required on startup. Common events are:
// 'load', 'deviceready', 'offline', and 'online'.
bindEvents: function() {
document.addEventListener('deviceready', this.onDeviceReady, false);
document.addEventListener('loadcities', this.onDeviceReady, false);
},
// deviceready Event Handler
//
// The scope of 'this' is the event. In order to call the 'receivedEvent'
// function, we must explicitly call 'app.receivedEvent(...);'
onDeviceReady: function() {
app.receivedEvent('deviceready');
app.receivedEvent('loadcities');
},
// Update DOM on a Received Event
receivedEvent: function(id) {
if (id === 'deviceready') {
var parentElement = document.getElementById(id);
var listeningElement = parentElement.querySelector('.listening');
var receivedElement = parentElement.querySelector('.received');
listeningElement.setAttribute('style', 'display:none;');
receivedElement.setAttribute('style', 'display:block;');
console.log('Received Event: ' + id);}
else if (id === 'loadcities') {
var url = "http://uiiuh"
$.getJSON(url).done(function(response){
if(!response.length){
console.warn("Empty list of cities");
}
config.cities = response;
$('body').trigger('city-data');
}).fail(function(data, status, error){
console.error("Something went wrong retrieving the cities via API")
});
}
}
};
app.initialize();
我现在只想在控制台中显示检索到的数据。
内容安全策略将 connect-src 限制为 self、data:、gap:(这是 Cordova 的东西吗?)和 https://ssl.gstatic.com — 这意味着任何从 URL 加载资源但与其中一个不匹配的尝试都将被阻止。
由于脚本试图从 http://uiiuh 加载 JSON 数据,因此被阻止;您需要将 http://uiiuh 添加到 CSP 规则中允许的来源列表中。