framework7

Open full view…

CSP and CORS issue

Chin Leung
Wed, 29 Mar 2017 19:36:11 GMT

I have the CSP set to: --- <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; connect-src 'self' http://myapidomain.com"> --- And when I try to send an Ajax request to the domain, I get the following error: > XMLHttpRequest cannot load http://myapidomain.com. No 'Access-Control-Allow-Origin' header is present on the requested resource. Anyone know what I have to do to allow it even without the *Access-Control-Allow-Origin* header?