我正在尝试连接到Sharepoint 2013 Server以获取一些列表等。 我有这个HTML代码,我得到我的用户名/密码/ Sharepoint-URL:
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta charset="utf-8" />
<meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-inline' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *" />
<title>SP Manager</title>
<!-- Some Stylesheets -->
<!-- Cordova-Scripts -->
<script src="cordova.js"></script>
<script src="scripts/platformOverrides.js"></script>
<!-- Onsen-UI Scripts -->
<script src="lib/angular/angular.js"></script>
<script src="lib/onsenui/js/onsenui.js"></script>
<!-- Zing Chart -->
<script src="lib/zingchart_trial/zingchart.min.js"></script>
<script src="scripts/ChartJS/control.js"></script>
<script src="scripts/ChartJS/chart.js"></script>
<!-- Standard Scripts -->
<script src="lib/jquery/dist/jquery.js"></script>
<script src="scripts/Page JS/index.js"></script>
<script src="../scripts/SharepointJS/sharepoint.js"></script>
<script src="scripts/TimeJS/scripte.js"></script>
<script>
ons.bootstrap(); //Call für OnsenUI-Init
</script>
</head>
<body>
<ons-navigator id="navigator" title="Navigator" var="loginNavigator">
<ons-page var="pagecontent" >
<div style="width:100%;" id="logoLogin">
<img src="Images/logo.png" style="height: 100%;"/>
</div>
<div class="login-form">
<input id="sharepoint" type="text" class="text-input--underbar" placeholder="Sharepoint" style="" onclick="changeSharepointURL(true)" readonly="readonly">
<input id="username" type="text" class="text-input--underbar" placeholder="Benutzername" value="agile\shau" style="" onclick="clearInput('#username')">
<input id="password" type="password" class="text-input--underbar" placeholder="Passwort" value="Start@123" style="" onclick="clearInput('#password')">
<br>
<ons-button id="LoginButton" onclick="sharepointLogin()" class="login-button">Einloggen</ons-button>
<br /><br />
<ons-button class="forgot-password" onclick="SP.loginOffline()">Offline Anmelden</ons-button>
<ons-button onclick="resetURL()">Reset URL</ons-button>
</div>
<div id="errorMessageLogin" style="color:red; text-align:center;">
</div>
</ons-page>
</ons-navigator>
</body>
</html>
这是我用来连接到我的Sharepoint的脚本:
var urlSP = window.localStorage.getItem('sharepoint') + "something else";
var xmlHttp = new XMLHttpRequest();
xmlHttp.onreadystatechange = function () {
if (xmlHttp.readyState == 4) {
if (xmlHttp.status == 200) {
that.usernameID = JSON.parse(xmlHttp.responseText).d.Id; //Get and save the Username-ID from Sharepoint
window.localStorage.setItem("lastUser", that.usernameID); //Save this ID ín local Storage
window.localStorage.setItem("username", username); //Save the username in local Storage
that.password = password;
callback(xmlHttp.responseText);
} else {
$("#errorMessageLogin").html("Wrong Username/Password/URL.");
}
}
}
xmlHttp.open("GET", urlSP, false);
that.credentials = "Basic " + window.btoa(username + ":" + password); //Save credentials
window.localStorage.setItem("credentials", that.credentials); //Save in local storage too
xmlHttp.setRequestHeader("Authorization", that.credentials);
xmlHttp.setRequestHeader("Accept", "application/json;odata=verbose");
xmlHttp.send(null);
此代码适用于较旧版本的Cordova(我认为我的伙伴正在使用版本3)。
现在,如果我尝试使用VS2015内置的Android模拟器和Cordova版本4启动应用程序,我会收到此错误:
Refused to connect to 'my SP adress' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' data: gap: https://ssl.gstatic.com 'unsafe-eval'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
sharepoint.js (111,17)
Uncaught SecurityError: Failed to execute 'open' on 'XMLHttpRequest': Refused to connect to 'my SP adress' because it violates the document's Content Security Policy.
sharepoint.js (111,17)
我已经读过我需要来自cordova的白名单插件才能执行请求。我已将它添加到Project(带VS)以及config.xml
中的此代码<?xml version="1.0" encoding="utf-8"?>
<widget xmlns:cdv="http://cordova.apache.org/ns/1.0" xmlns:vs="http://schemas.microsoft.com/appx/2014/htmlapps" id="io.cordova.myappd6b043" version="1.0.0" xmlns="http://www.w3.org/ns/widgets" defaultlocale="de-DE">
<name>SP Manager</name>
<description>A blank project that uses Apache Cordova to help you build an app that targets multiple mobile platforms: Android, iOS, Windows, and Windows Phone.</description>
<author href="http://cordova.io" email="dev@cordova.apache.org">Apache Cordova Team </author>
<content src="index.html" />
<access origin="*" />
<!-- #################ADDED THIS LINE############## -->
<allow-intent href="https://my SP adress/*" />
<vs:features />
<preference name="SplashScreen" value="screen" />
<preference name="windows-target-version" value="8.1" />
<!-- Support for Cordova 5.0.0 plugin system -->
<plugin name="cordova-plugin-whitelist" version="1" />
<allow-intent href="http://*/*" />
<allow-intent href="https://*/*" />
<allow-intent href="tel:*" />
<allow-intent href="sms:*" />
<allow-intent href="mailto:*" />
<allow-intent href="geo:*" />
<platform name="android">
<allow-intent href="market:*" />
</platform>
<platform name="ios">
<allow-intent href="itms:*" />
<allow-intent href="itms-apps:*" />
</platform>
<!-- some icon sources -->
<vs:plugin name="cordova-plugin-whitelist" version="1.2.0" />
</widget>
但它仍然不起作用。
编辑:我的队友在VS2015中更新了他的cordova并且没有任何问题......我很困惑...... 即使重新安装也行不通......答案 0 :(得分:0)
也许你可以让你的内容安全警察更加宽容。我用这个:
<meta http-equiv="Content-Security-Policy" content="default-src 'self' * gap://ready; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; media-src *"/>