javascript - $.getJSON API 的 Cordova 问题
问题描述
我正在使用 Cordova 为一个大学项目开发一个应用程序,所以这是我第一次使用它。作为其中的一部分,我已经设法从 Reed Jobs 实现了一个 API,这在 Chrome 中运行良好,但是它在 iOS 模拟器上无法运行 - 没有错误,但页面只是没有加载任何数据。
我$.getJSON("reed.php", function(data)在我的JavaScript中使用来调用我的数据,然后我的PHP如下......
<?php
$username = "username";
$password = "";
$remoteUrl = 'https://www.reed.co.uk/api/1.0/search?locationName=leeds&distancefromlocation=15&partTime=true&temp=true';
$opts = array(
'http'=>array(
'method'=>"GET",
'header' => "Authorization: Basic " . base64_encode("$username:$password")
)
);
$context = stream_context_create($opts);
// Open the file using the HTTP headers set above
$file = file_get_contents($remoteUrl, false, $context);
print($file);
?>
在阅读了一些建议后,我尝试添加<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *;**script-src 'self' https://www.reed.co.uk/ 'unsafe-inline' 'unsafe-eval';** ">到我的 html 页面,但这在我的控制台中显示了一个错误列表:
Unrecognized Content-Security-Policy directive '**script-src'.
Unrecognized Content-Security-Policy directive '**'.
Refused to load the script 'https://code.jquery.com/jquery-3.3.1.min.js' because it violates the following Content Security Policy directive: "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
Refused to load the stylesheet 'https://use.fontawesome.com/releases/v5.6.3/css/all.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Poppins:300,500,700,900' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
Refused to load the script 'https://code.jquery.com/jquery-3.3.1.min.js' because it violates the following Content Security Policy directive: "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
Uncaught ReferenceError: $ is not defined
at index.js:31
Uncaught ReferenceError: $ is not defined
at window.onload
然后我还尝试添加<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; connect-src http://reed.co.uk https://reed.co.uk">这给了我以下错误:
Refused to connect to 'https://example.com/reed.php' because it violates the following Content Security Policy directive: "connect-src http://reed.co.uk https://reed.co.uk".
有谁能够帮我?我对元标签的理解不是很确定。
解决方案
您的 CSP 设置为http://reed.co.uk https://reed.co.uk但您的呼叫指向https://example.com
尝试这个?
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; connect-src http://reed.co.uk https://reed.co.uk https://example.com">
推荐阅读
- python - 在 tkinter 中按下按钮时导入新的 python 文件
- docker - 在 Docker 构建期间安装自制软件包
- sqlite - SQLite:FTS5 影子表中的外键引用数据
- python-3.x - 如何在回归问题中使用具有 MultiOutputRegressor 的目标函数
- image-processing - 如何缩放 xpm 图像,保留符号颜色名称
- javascript - 具有多个值的循环的 Firestore 查询
- javascript - function XXX(txid) { shell.openExternal('url'+txid) } 需要 2 分钟才能打开我的链接
- sql-server - 使用 CASE 语句创建视图
- python - 创建项目后如何创建日期字段?
- razor-pages - razorpage 构造函数注入不起作用,而视图注入确实起作用