coolboywcm opened a new issue, #2783:
URL: https://github.com/apache/apisix-dashboard/issues/2783
### Issue description
when I wrote a method on some page to send a cross domain requests
for example
pageFile:
/usr/local/apisix/dashboard/html/index.html
code:
const xhr = new XMLHttpRequest();
xhr.open('POST', 'http://127.0.0.100:8000/api/data', true);
xhr.setRequestHeader('Content-Type', 'application/json');
xhr.send(JSON.stringify({ username: 'xxx', password: 'xxx' }));
deployment page url:
http://127.0.0.100:9000
response err: Refused to connect to 'http://127.0.0.100:8000/api/data'
because it violates the following Content Security Policy directive:
"default-src 'self'". Note that 'connect-src' was not explicitly set, so
'default-src' is used as a fallback.
when I deployment the same page file to Tomcat, visit
http://127.0.0.100:8080/index.html
response success!
### Expected behavior
Is the Apisix web container not supply cross domain requests?
### How to Reproduce
1.add my cross domain requests code in file
/usr/local/apisix/dashboard/html/index.html
2.visit page http://127.0.0.100:9000
### Screenshots
index.html:
index.html path:
error:
### Environment
- apisix version (3.1.0):
- OS (CentOS Linux release 7.6.1810):
- etcd version, if relevant ("etcd_version":"3.4.0"):
- APISIX Dashboard version, if relevant(3.0.0)
### Additional context
_No response_
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
