cordova错误之: Refused to connect to XXX -- because it violates the following Content Security Policy..
Refused to connect to 'http://localhost:8545/' because it violates the following Content Security Policy directive: "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.html
(anonymous) @ chunk-vendors.8e02e518.js:33
app.f97599e1.js:1 Error during service worker registration: DOMException
error @ app.f97599e1.js:1
2chunk-vendors.8e02e518.js:33 Uncaught (in promise) Error: invalid response - 0
at XMLHttpRequest.a.onreadystatechange (chunk-vendors.8e02e518.js:33)promise
解决办法:
错误提示中,已经说是违反了Content Security Policy指令,app
由于在Content Security Policy中,没有配置对应的部分,那么会默认使用default-src指令,而default-src指令中没有设置咱们发送请求url设置,所以拒绝访问。ui
若是要设置容许请求数据的话,则须要设置Content-Security-Policy的connect-src *,意思是能够请求到任何的url,以下所示:url
<meta http-equiv="Content-Security-Policy"
content="connect-src *; default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data: content:;">
只要是配置了connect-src指令,则不会使用默认指令default-src。
spa
解决办法参考连接:https://blog.csdn.net/michael_ouyang/article/details/50757456.net
meta标签官网:https://developer.mozilla.org/zh-CN/docs/Web/HTML/Element/metacode
Content Security Policy官网:https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Content-Security-Policy__by_cnvoidhtm