设置 contentSecurityPolicy 允许浏览器从 http：// localhost：4200 到 http://www.example.com 。

如果您没有此设置，您将看到如下错误：

If you didn't have this set, you would be seeing an error like:

[仅限报告]拒绝连接到 http://www.example.com/ '因为它违反了以下内容安全策略指令：connect-src'self' http：// localhost ：* ws：// localhost：* ws：// localhost：35729 ws：//0.0.0.0：35729。

[Report Only] Refused to connect to 'http://www.example.com/' because it violates the following Content Security Policy directive: "connect-src 'self' http://localhost:* ws://localhost:* ws://localhost:35729 ws://0.0.0.0:35729".

请求，如果 http://www.example.com 不包含实际允许的特定标题 http：// localhost：4200 来提出这些请求，浏览器会发出错误..

After doing the request, if http://www.example.com doesn't contain a particular header that actually allows http://localhost:4200 to make these requests, the browser throws an error..

有关更多信息，请查看以下问题： Access-Control-Allow-Origin标头如何工作？

For more information take a look at this question: How does Access-Control-Allow-Origin header work?

如果您使用Ember CLI进行开发，您可以将所有ajax请求代理到 http://www.example.com/ 使用：

If you're using Ember CLI for development you can proxy all ajax requests to http://www.example.com/ using:

ember server --proxy http://www.example.com/

但是，移动时这不能解决您的问题到生产。您将需要一些其他解决方案。

But this doesn't solve your problem when moving to production. You will need some other solution for that.