Jquery CSP头和跨域Ajax调用
我的服务器my.server.com生成一个HTML页面,该页面调用另一个服务external.server.com来加载数据。 对于ajax调用,我使用jqueryJquery CSP头和跨域Ajax调用,jquery,ajax,http-headers,cross-domain,Jquery,Ajax,Http Headers,Cross Domain,我的服务器my.server.com生成一个HTML页面,该页面调用另一个服务external.server.com来加载数据。 对于ajax调用,我使用jquery $.ajax({ url:"https://external.server.com/check", dataType: 'get', success:function(json){ // do stuff with json (in this case an array)
$.ajax({
url:"https://external.server.com/check",
dataType: 'get',
success:function(json){
// do stuff with json (in this case an array)
$("userContainer").append(json);
},
error:function(){
alert("Error");
}
});
Refused to connect to 'https://external.server.com/check' because it violates the following Content Security Policy directive: "default-src 'self'"
<script src="webjars/jquery/1.9.1/jquery.min.js"></script>
<script src="js/custom.js"></script>
<meta http-equiv="Content-Security-Policy" content="default-src my.server.com; script-src 'unsafe-inline' my.server.com; connect-src external.server.com">
<meta http-equiv="X-Content-Security-Policy" content="default-src my.server.com; script-src 'unsafe-inline' my.server.com; connect-src external.server.com">
<meta http-equiv="X-Content-Security-Policy" content="default-src my.server.com; script-src 'unsafe-inline' my.server.com; connect-src external.server.com">
<meta http-equiv="Access-Control-Allow-Origin" content="*">
你好,Raju,我收到了相同的错误:拒绝连接到,因为它违反了以下内容安全策略指令:default src'self'。请注意,未显式设置“connect src”,因此使用“default src”作为回退。谢谢