我正在玩 Ionic 中的一些小应用程序,我无法让它在我的 Android 设备上工作,首先我收到错误:“无法加载资源”并带有 404 响应,然后我安装了 Cordova 白名单插件,添加
<access origin="*"/>
<allow-navigation href="*"/>
<allow-intent href="*"/>
在我的 config.xml 文件中,我在 html 中添加了元标记
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
使用这个元标记,我收到一个错误,表明我违反了“script-src 'self'”的策略
所以我将其更改为:
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'">
现在我没有收到策略错误,但收到 
任何人都知道我做错了什么,因为这真的令人沮丧:(
应用程序在浏览器中正常工作,并且API正在工作,您可以在这里测试它:http://sremskevesti.rs/wp-json/posts
最佳答案
FWIW 政策令人困惑,很多很多人迷失了方向。我正在写一篇博客文章。这是我的raw notes .
修复许多常见的白名单问题
替代方案是这个快速修复 - 但要知道这个快速修复消除了 white-list 的所有需求。这将创建一个 security issue您可能不想绕过它。
快速修复将此添加到您的 config.xml仅适用于 PHONEGAP 构建
<preference name="phonegap-version" value="3.7.0" />
长答案如下:
来自Top Mistakes by Developers new to Cordova/Phonegap您已点击:
- #6 未为编译器设置“phonegap 版本”
- #7 没有为您的插件设置“版本”
- #10 不在 config.xml 中添加新的“白名单”和“白名单插件”参数。
对于#6 和#7
With the CLI version, if you do not assign a version for your platform OR in ''Phonegap Build'' if you do not set the phonegap-version in config.xml, YOU WILL GET THE LATEST VERSION. If you are lucky, your program just works as expected. If you are not lucky, you'll get a set of cascading errors.
Luckily for all of us, Holly Schinsky has written a nice blog post to explain it all:
Cordova/PhoneGap Version Confusion
http://devgirl.org/2014/11/07/cordovaphonegap-version-confusion/
对于#10
This relatively * NEW * requirement means – to access ANY website or resources on the web, you MUST use the whitelist and the whitelist plugin. This requirement goes into affect, if you are using [email protected] or better; including cli-5.1.1 and cli-5.2.0. If however, your version is before 4.0.0, let's say 3.5.0 or 3.7.0, then you will not have to add the white-list requirement.
To be clear, the "whitelist" has been around for a bit, but the plugin and requirement is very new. As you would expect, when the "whitelist" was added, the defacto open-access feature was deprecated. Or said another way, the defacto open-access feature was planned and scheduled to be eliminated. This change marks a step in removal of the open-access feature.
In addition, the Content Security Policy (CSP) has caught numerous developers - because it was soooo poorly publicized. Depending on your use and the version of Phonegap you are using, the CSP needs to go in every single HTML page you used, just like you have to wait for 'deviceready'. However, there are cases where it is not needed at all. The documentation is confusing for some, please read it carefully. The documentation is buried in the bottom of many of the latest documentation pages.
Lastly, Raymond Camden in his blog points to a LARGE change in policy starting with Cordova 5
相关链接
Phonegap Build Forum: Notes for upgrading to cli-5.1.1 on PGB and now required Whitelist
关于android - 添加 Cordova 白名单插件后,设备上的 Ionic 应用程序为 "Failed to load resource",我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/33322803/