如何允许 Cordova 6.1 应用程序从网站在 iOS 中嵌入 iframe?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/36318185/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How can I allow a Cordova 6.1 app to embed an iframe in iOS from a website?
提问by Phil Barresi
Until I recently built, my cordova app was able to embed an iframe of a website just fine; now, presumably after an update I forgot about, building the app results in the iframe being blank on iOS but works in Android.
在我最近构建之前,我的cordova 应用程序能够很好地嵌入网站的iframe;现在,大概是在我忘记了更新之后,构建应用程序会导致 iframe 在 iOS 上为空白,但在 Android 中有效。
I have added the following settings to config.xml:
我已将以下设置添加到 config.xml:
<access origin="*"/>
<access origin="*.pushwoosh.com" />
<access origin="*.hoby.org" />
<allow-navigation href="*" />
<allow-intent href="*" />
<access origin="*"/>
<access origin="*.pushwoosh.com" />
<access origin="*.hoby.org" />
<allow-navigation href="*" />
<allow-intent href="*" />
As well as the following Content Security Policy:
以及以下内容安全策略:
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
Which should allow basically everything. I have the cordova-whitelist plugin added, using cordova 6.1.0 and Ionic 1.7.14
这应该允许基本上一切。我添加了cordova-whitelist插件,使用cordova 6.1.0和Ionic 1.7.14
Edit: it actually works on iOS emulator but not when I run it on the device.
编辑:它实际上适用于 iOS 模拟器,但当我在设备上运行它时却不起作用。
Edit 2: it seems like it may be a mobile safari issue; I am viewing the files over my network and even outside of Cordova they're not loading properly. I can confirm though that this was working as of a few days ago at least.
编辑 2:这似乎是一个移动 safari 问题;我正在通过我的网络查看文件,甚至在 Cordova 之外,它们也没有正确加载。我可以确认这至少在几天前是有效的。
回答by JesseMonroy650
your application of the whitelistplugin is close, but likely is failing because you have javascript in your index.html. CSPhas stopped many developers. The easiest thing to do is move all the Javascript and CSS to their own separate files.
您的whitelist插件应用程序已关闭,但可能会失败,因为您的 index.html 中有 javascript。CSP已经阻止了许多开发人员。最简单的方法是将所有 Javascript 和 CSS 移动到它们自己的单独文件中。
Short of that, here is a widely applied solution:
简而言之,这是一个广泛应用的解决方案:
As a side note, the whitelistsystem is required as of Cordova Tools 5.0.0(April 21, 2015). For Phonegap Build, that means since cli-5.1.1(16 Jun 2015)
作为旁注,从Cordova Tools 5.0.0(2015 年 4 月 21 日)起whitelist需要该系统。对于Phonegap Build,这意味着自(2015 年 6 月 16 日)cli-5.1.1
Add this to your config.xml
将此添加到您的 config.xml
<plugin name="cordova-plugin-whitelist" source="npm" spec="1.1.0" />
<allow-navigation href="*" />
<allow-intent href="*" />
<access origin="*" /> <!-- Required for iOS9 -->
NOTE YOUR APP IS NOW INSECURE. IT IS UP TO YOU TO SECURE YOUR APP.
Add the following to your index.html
请注意您的应用程序现在不安全。保护您的应用程序取决于您。
将以下内容添加到您的index.html
<meta http-equiv="Content-Security-Policy"
content="default-src *;
style-src * 'self' 'unsafe-inline' 'unsafe-eval';
script-src * 'self' 'unsafe-inline' 'unsafe-eval';">
NOTE YOUR APP IS NOW INSECURE. IT IS UP TO YOU TO SECURE YOUR APP.
This whitelistworksheet should help.
HOW TO apply the Cordova/Phonegap the whitelist system
请注意您的应用程序现在不安全。保护您的应用程序取决于您。
此白名单工作表应该会有所帮助。
如何应用 Cordova/Phonegap 白名单系统
