我们正在使用Ionic框架开发移动应用程序。以下是config.xml和index.html文件:
config.xml中
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<widget id="com.ionicframework.manageyourmatch988887" version="0.0.1" xmlns="http://www.w3.org/ns/widgets" xmlns:cdv="http://cordova.apache.org/ns/1.0">
<name>manageyourmatch</name>
<description>
An Ionic Framework and Cordova project.
</description>
<author email="hi@ionicframework" href="http://ionicframework.com/">
Ionic Framework Team
</author>
<content src="index.html"/>
<access origin="*"/>
的index.html
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
当我们在设备上的loginCtrl.js中执行发布请求时,我们收到404错误。我们缺少什么?我们使用访问标记和CSP标记通过白名单允许所有来源。
loginCtrl - http post
$http.post(APP_CONFIG.serverUrl, // server url for connetion
{action : "login", cell_num : $scope.model.telephone, password : $scope.model.password} // data passed by json post
).then(
function(response) { // if i recive a response from the server
console.log(response.data);
if(response.data.status == "success"){ // if the server accepts my login
// show toast [native] or an alertPopup [all platforms]
if(typeof window.plugins !== "undefined")
window.plugins.toast.showLongBottom('Response: ' + response.data.status);
else
$ionicPopup.alert({title: 'Server response', template: ''+response.data.status});
// test the vibration [HTML5 all platforms]
//navigator.vibrate(1000);
// Update localStorage
localStorage.setItem("telephone", $scope.model.telephone);
localStorage.setItem("loggedin", "true");
localStorage.setItem("session_id", response.data.session_id);
// Go to homepage
$state.go('home.matches');
}else{
// if the login fail due to bad username and password (or something else...)
$ionicPopup.alert({
title: 'Error message',
template: ''+response.data.error_message
});
}
}, function(error) { // if something goes wrong
console.log(JSON.stringify(error));
$ionicPopup.alert({
title: 'Connection failed',
template: 'Error: '+JSON.stringify(error)
});
});
答案 0 :(得分:1)
这解决了这个问题:
<meta http-equiv="Content-Security-Policy" content="default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' 'unsafe-eval' *">