I am using Jquery (and Jquery mobile) to make a mobile website..testing on desktop Chrome/Firefox.

我正在使用Jquery(和Jquery mobile)制作移动网站......在桌面Chrome / Firefox上进行测试。

When on chrome the JSONP ajax never reaches the server (can see the server access logs). The same works fine on Firefox.

在chrome上,JSONP ajax永远不会到达服务器(可以看到服务器访问日志)。这同样适用于Firefox。

Looking at firebug for chromes shows nothing on the console..no error/success nothing.

看着firebug的chromes在控制台上没有显示任何内容。没有错误/成功没什么。

Looking at chrome developer tool shows:

查看chrome开发人员工具显示:

Refused to load the script 'http://example.com/radagast/backend/alatarHandler/test/getLocation.php?callback=jQuery1102014860787917859852_1430659361646&_=1430659361647' because it violates the following Content Security Policy directive: "default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

拒绝加载脚本'http://example.com/radagast/backend/alatarHandler/test/getLocation.php?callback=jQuery1102014860787917859852_1430659361646&_=1430659361647',因为它违反了以下内容安全策略指令:“default-src'self'数据:gap:https://ssl.gstatic.com'unsafe-eval'“。请注意,'script-src'未显式设置,因此'default-src'用作后备。

The code is:

代码是:

var serverUrl = "http://example.com/radagast/backend/alatarHandler/test/getLocation.php";

    $.ajax({
    url: serverUrl,
    async: false,
    dataType: "jsonp",
    callback: 'callback',
    jsonpCallback: 'yourcallback',
    success: function (result) {
            alert('Ajax sucess ' + result);
            $("#message").html("location sent");
        }

    });

1 个解决方案

<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">

#1

<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">