Fine ifloader在Facebook iframe失败

时间:2013-04-20 01:27:09

标签: internet-explorer facebook-iframe fine-uploader

我构建了一个Facebook应用程序,需要一些图像上传功能,并实现它我正在使用Fine Uploader。

Facebook App本身是用WordPress构建的,一切正常。最终,WordPress网站(即应用程序)将以iframe的形式存在于Facebook上,而且事情变得越来越有趣。

当我在本地计算机上测试应用程序时,它可以运行(所有浏览器)。当我在我的暂存环境中在iframe外部测试应用程序时,它也可以运行(所有浏览器)。但是,当我在Facebook(iframe)的测试页面中测试应用程序时,图像上传失败,仅在IE中。

作为参考,我将展示我的服务器和客户端代码:

public static function upload_receiver()
{
    $uploader = new qqFileUploader();
    $uploader->allowedExtensions = array("jpg", "jpeg");
    $uploader->sizeLimit = 2024 * 1024;

    $wp_upload_dir = wp_upload_dir();
    $wp_upload_url = $wp_upload_dir['baseurl'];
    $wp_upload_base = $wp_upload_dir['basedir'];

    $upload_dir = $wp_upload_base;
    $upload_filename = md5(mt_rand())/*.'_'.$uploader->getName()*/.".jpg";

    $result = $uploader->handleUpload( $upload_dir, $upload_filename );

    // Create the WordPress image thumbs.
    $img_target = "{$upload_dir}/{$upload_filename}";

    $wp_filetype = wp_check_filetype( $img_target );

    $attachment_data = array(
        'post_mime_type' => $wp_filetype['type'], 
        'guid' => $img_target,
        'post_title' => preg_replace('/\.[^.]+$/', '', $upload_filename ),
        'post_name' => preg_replace('/\.[^.]+$/', '', $upload_filename ),
        'post_content' => '',
        'post_status' => 'inherit',
    );

    $attachment_id = wp_insert_attachment( $attachment_data, $img_target );

    $meta = wp_generate_attachment_metadata($attachment_id, $img_target);

    wp_update_attachment_metadata($attachment_id, $meta);   

    $result['attachmentId'] = $attachment_id;
    $result['imageUrl'] = htmlspecialchars( get_image_url_from_attachment_id($attachment_id, "thumb-small") );

    header("Content-Type: text/plain");
    echo json_encode( $result );

    die();
}

客户:

var el = $('#upload');
var el_img = el.find('span');

el.fineUploader( {
    uploaderType: 'basic',
    button: el,
    multiple: false,
    request: {
        endpoint: '<?php echo site_url("/wp-admin/admin-ajax.php") ?>',
        params: {
            action: 'upload_receiver'           
        }
    },
    validation: {
        allowedExtensions: ['jpeg', 'jpg']
    },
    debug: false
} ).on('upload', function(event, id, fileName, response) {
    $('.loader').show();
    $('.upload_button_container').hide();

} ).on('complete', function(event, id, fileName, response) {

    // ONLY IN IE "RESPONSE.SUCCESS" IS FALSE IN AN FB IFRAME. ALL OTHER
    // TIMES "RESPONSE.SUCCESS" IS TRUE AND ALL PROPERTIES CREATED ON THE
    // SERVER EXIST.

    $('.loader').hide();
    $('.upload_button_container').show();

    if( response.error )
    {
        alert( response.error );
        return;
    }

    // Display image coming in from the result.
    $(".img_upload_container img").attr('src', response.imageUrl).show();

    // Store the WordPress attachment Id for form submission.
    $("form input[name=bc_attachment_id]").val( response.attachmentId );
});

在过去的几个小时里,我一直在喋喋不休地谈论这个问题,而且我已经没有可能导致这个问题的想法。

修改

IE9控制台输出:

LOG: [FineUploader] Processing 1 files or inputs... 
LOG: [FineUploader] Sending upload request for 0 
SEC7111: HTTPS security is compromised by res://ieframe.dll/forbidframing.htm 
SEC7111: HTTPS security is compromised by res://ieframe.dll/ErrorPageTemplate.css 
SEC7111: HTTPS security is compromised by res://ieframe.dll/errorPageStrings.js 
SEC7111: HTTPS security is compromised by res://ieframe.dll/httpErrorPagesScripts.js 
SEC7111: HTTPS security is compromised by res://ieframe.dll/red_x.png 
SEC7111: HTTPS security is compromised by res://ieframe.dll/bullet.png 
SEC7111: HTTPS security is compromised by res://ieframe.dll/background_gradient.jpg 
LOG: [FineUploader] Received response for 0 
[FineUploader] Error when attempting to access iframe during handling of upload response (Error: Access is denied.
) 
LOG: [FineUploader] iframe loaded 
[FineUploader] Error when attempting to parse form upload response (Error: Access is denied.
)

2 个答案:

答案 0 :(得分:0)

我怀疑,问题是父窗口的域与包含响应的iframe的域不匹配。这是一种安全违规,并且没有简单的方法来访问此iframe的内容,因为它位于不同的域中。浏览器禁止这种访问。解决这个问题有点棘手,但Fine Uploader提供了一种方法。

您需要在Fine Uploader中启用CORS功能。这可能是您最好的选择,这应该可以解决您的问题。 Fine Uploader最近添加了对跨域请求的支持(版本3.3)。这在涉及iframe的IE中特别有用。实质上,您将配置您的响应以导入一个javascript文件,该文件将消息发布到包含您的响应的父窗口。这就是Fine Uploader克服跨域问题的方式。我在Fine Uploader中编写了a detailed blog post on CORS support,以及如何启用它并正确处理Fine Uploader在服务器端代码中发送的跨域请求。

如果您阅读帖子并按照服务器端说明进行操作,那么您似乎应该没事。

请注意,在您的情况下,这似乎只是您需要在IE9及更早版本中克服的问题。以下是您需要做的高级摘要:

  1. 在Fine Uploader(客户端)中打开CORS支持。
  2. 服务器端:通过查看请求中的X-Requested-With标头来识别非XHR上传请求。
  3. 如果请求未通过XHR发送,请返回内容类型为“text / html”的响应,该响应以导入“iframe.xss.response.js”的<script>标记开头来自已知位置(任何地方)的文件。在响应中的脚本标记之后,包括响应的正常有效JSON部分。

    4. 希望这有帮助。

答案 1 :(得分:0)

只需在不同的情况中添加@ Ray的答案,其中 iframe属于同一个域,但仍会收到相同的SEC7111: HTTPS security is compromised by res://ieframe.dll https环境:

对于Apache,HTTP Server

在Apache Web Server的httpd.conf文件中添加/更改以下行

Header always append X-Frame-Options SAMEORIGIN

确保未将其设置为DENY。 重新启动Web服务器

还要检查响应标题以查看上面反映的更改

相关问题
最新问题