dovs36921
2016-12-29 17:10
Views: 47
Accepted

php-cordova: securing backend files

I am using Cordova to create an Android app and I am using PHP-MySQL as the backend.

I am fetching/sending data from the database by AJAX. As you know, we can't fetch the data directly due to the CORS issue. To fetch the data remotely we need to add header("Access-Control-Allow-Origin: *");

The problem is that it makes my backend exposed, because anyone can try to fetch the data from the backend, which I don't want.

Please advise how I can make it secure.

Thanks


1 answer

  • dpdp42233 2016-12-29 21:53
    Accepted

    You can remove header("Access-Control-Allow-Origin: *"); from your backend service.

    After that, for your Cordova application you need to install the whitelist plugin and configure it.

    Add this in your config.xml:

    <access origin="*" />
    <allow-navigation href="*"/>
    

    Include the Content-Security-Policy meta in your HTML page.

    <meta http-equiv="Content-Security-Policy" content="default-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data:">
    
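CORS response headers only control what browsers let page scripts read; they do not stop other clients from calling the endpoint, so the backend still has to authenticate each request. An added example (not code from the question or the answer) of a PHP endpoint that echoes only allowlisted origins instead of `*` and requires a per-user bearer token; the origin, the token value and the `token_store()` helper are constructed assumptions.

```php
<?php
// Added example. Origin, token and token_store() are constructed for illustration.

// Browser origins allowed to read responses (assumed value, replace with your own).
const ALLOWED_ORIGINS = ['https://app.example.com'];

// Hypothetical token store: SHA-256 of a token issued at login => user id.
// A real backend would keep this in a database table with expiry.
function token_store(): array {
    return [hash('sha256', 'constructed-demo-token') => 42];
}

// CORS headers to emit: echo the request origin only when it is allowlisted.
function cors_headers(?string $origin): array {
    if ($origin !== null && in_array($origin, ALLOWED_ORIGINS, true)) {
        return ["Access-Control-Allow-Origin: $origin", 'Vary: Origin',
                'Access-Control-Allow-Headers: Authorization, Content-Type'];
    }
    return []; // no header: browsers block cross-origin reads
}

// Resolve "Authorization: Bearer <token>" to a user id, or null if invalid.
function authenticate(?string $authorization): ?int {
    if ($authorization === null
        || !preg_match('/^Bearer\s+(\S+)$/', $authorization, $m)) {
        return null;
    }
    $digest = hash('sha256', $m[1]);
    foreach (token_store() as $known => $userId) {
        if (hash_equals((string) $known, $digest)) { // constant-time compare
            return $userId;
        }
    }
    return null;
}

// Request handling; assumes the web server passes Authorization through to PHP.
if (PHP_SAPI !== 'cli') {
    foreach (cors_headers($_SERVER['HTTP_ORIGIN'] ?? null) as $h) {
        header($h);
    }
    if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { // preflight has no credentials
        http_response_code(204);
        exit;
    }
    $userId = authenticate($_SERVER['HTTP_AUTHORIZATION'] ?? null);
    if ($userId === null) {
        http_response_code(401); // rejected whatever the Origin header says
        exit;
    }
    header('Content-Type: application/json');
    echo json_encode(['user' => $userId]);
}
```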
