dovs36921 2016-12-29 17:10
Views: 51
Accepted

php-cordova: securing backend files

I am using Cordova to create an Android app and I am using PHP-MySQL as the backend.

I am fetching/sending data from the database by AJAX. As you know, we can't fetch the data directly due to the CORS issue. To fetch the data remotely we need to add header("Access-Control-Allow-Origin: *");

The problem is that it makes my backend exposed, because anyone can try to fetch the data from the backend, which I don't want.

Please advise how I can make it secure.

Thanks


1 answer

  • dpdp42233 2016-12-29 21:53

    You can remove header("Access-Control-Allow-Origin: *"); from your backend service.

    After that, for your Cordova application you need to install the whitelist plugin and configure it.

    Add this in your config.xml:

    <access origin="*" />
    <allow-navigation href="*"/>
    

    Include the Content-Security-Policy meta tag in your HTML page.

    <meta http-equiv="Content-Security-Policy" content="default-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data:">
    
    This answer was selected by the asker as the best answer.
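The concern raised in the question, as an added example that is not part of the original thread: a CORS header only tells browsers which pages may read a response, so the PHP endpoint itself has to authenticate each request. The allowed origin, the in-memory token store and the function names below are assumptions for illustration.

```php
<?php
declare(strict_types=1);
// Assumption: the only browser origin allowed to read responses (constructed value).
const ALLOWED_ORIGINS = ['https://app.example.com'];

// Assumption: token hashes would live in MySQL; this constructed array stands in.
function issuedTokenHashes(): array
{
    return [hash('sha256', 'constructed-demo-token') => 1001]; // hash => user id
}

// Pull the bearer token out of the Authorization header, or return null.
function bearerToken(array $server): ?string
{
    $header = $server['HTTP_AUTHORIZATION'] ?? '';
    return preg_match('/^Bearer\s+([A-Za-z0-9._~+\/-]+=*)$/', $header, $m) ? $m[1] : null;
}

// Map a token to its user id, or null. hash_equals() compares in constant time.
function authenticate(?string $token): ?int
{
    $candidate = hash('sha256', $token ?? '');
    foreach (issuedTokenHashes() as $known => $userId) {
        if ($token !== null && hash_equals((string) $known, $candidate)) {
            return $userId;
        }
    }
    return null;
}

// CORS: echo back an allowlisted origin only, never "*".
$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
if (in_array($origin, ALLOWED_ORIGINS, true)) {
    header('Access-Control-Allow-Origin: ' . $origin);
    header('Vary: Origin');
    header('Access-Control-Allow-Headers: Authorization, Content-Type');
}
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'OPTIONS') {
    http_response_code(204); // preflight requests carry no Authorization header
    exit;
}
// Authentication applies to every caller, browser or not.
$userId = authenticate(bearerToken($_SERVER));
if ($userId === null) {
    http_response_code(401);
    exit;
}
header('Content-Type: application/json');
echo json_encode(['user' => $userId]);
```

Requests without a valid token get a 401 whether or not any CORS header is sent, which is the property the question asks for.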
