您正在查看: Other-经验分享 分类下的文章

Cordova Android安全指南

内容安全政策

控制允许进行哪些网络请求(图像,XHR等)(直接通过webview)。

在Android和iOS上,网络请求白名单(见上文)无法过滤所有类型的请求(例如<video>,WebSockets未被阻止)。因此,除白名单外,您还应在所有网页上使用内容安全策略 <meta>标记。

在Android上,系统webview中对CSP的支持始于KitKat(但在使用Crosswalk WebView的所有版本上都可用)。

以下是您的.html网页的一些示例CSP声明:

<!-- Good default declaration:
    * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
    * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
    * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
        * Enable inline JS: add 'unsafe-inline' to default-src
        * Enable eval(): add 'unsafe-eval' to default-src
-->
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
<!-- Allow everything but only from the same origin and foo.com -->
<meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
<!-- This policy allows everything (eg CSS, AJAX, object, frame, media, etc) except that 
    * CSS only from the same origin and inline styles,
    * scripts only from the same origin and inline styles, and eval()
-->
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
<!-- Allows XHRs only over HTTPS on the same domain. -->
<meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
<!-- Allow iframe to https://cordova.apache.org/ -->
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">

http://blog.inching.org/Cordova/2016-07-18-cordova-android-security-guide.html

ubuntu搭建个人WDCP

1. 下载wdcP

wget http://dl.wdlinux.cn/files/lanmp_v3.tar.gz

2. 解压

tar -xzvf lanmp_v3.tar.gz

3. 编译

sudo sh lanmp.sh

如果出现以下错误

编译中,开始报错:81: [: !=: unexpected operator 类似这样的编译错误,各种操作符不允许,不识别!

解决此问题的方法

sudo dpkg-reconfigure dash


选择 <NO>
然后再次编译,这个过程会很长,大概15分钟的样子~

OK,这个时候测试一下:
浏览器输入http://本地ip:8080
访问后台

默认用户名: admin
默认密码: wdlinux.cn

'elm-app' is not recognized as an internal or external command

npm i -g create-elm-app

'elm-install' is not recognized as an internal or external command

npm:

npm install elm-github-install -g

If you are experiencing EACCES: permission denied errors during installation using NPM then you can try:

sudo npm i -g elm-github-install --unsafe-perm=true --allow-root

参考来源