Flash 10中跨域domain.xml文件的问题

时间:2011-04-26 01:36:57

标签: flash actionscript-3 security crossdomain.xml

我觉得好像我正撞在这个墙上撞墙。我试过(我认为)跨域xml文件的每个变体都没有成功。我似乎无法使我的跨域Loader()请求工作,无论我尝试什么。以下是我的policyfiles.txt日志文件的输出

OK: Root-level SWF loaded: http://cool.com:81/WEBPLAYERAS3.swf
OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/9175218823c9438aa322cdb767561dbd.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf
OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/a61d36278cc44cd1a0b8fa10f3edc914.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf
OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/ba8d7a1701954a6cb03e7aaf12a26a2b.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf
OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/91f6f184518247f0916692286dd7101a.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf
OK: Policy file accepted: https://replayservice2.secretdomain.com/crossdomain.xml
Error: Request for resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/9175218823c9438aa322cdb767561dbd.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf is denied due to lack of policy file permissions.
Error: Request for resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/a61d36278cc44cd1a0b8fa10f3edc914.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf is denied due to lack of policy file permissions.
Error: Request for resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/ba8d7a1701954a6cb03e7aaf12a26a2b.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf is denied due to lack of policy file permissions.
Error: Request for resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/91f6f184518247f0916692286dd7101a.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf is denied due to lack of policy file permissions.
OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/9175218823c9438aa322cdb767561dbd.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf
Error: Request for resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/9175218823c9438aa322cdb767561dbd.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf is denied due to lack of policy file permissions.
OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/9175218823c9438aa322cdb767561dbd.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf
Error: Request for resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/9175218823c9438aa322cdb767561dbd.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf is denied due to lack of policy file permissions.

这是我的crossdomain.xml文件:

<cross-domain-policy xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="*" secure="true"/>
<site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>

请注意,实际域名已替换为secretdomain.com。

我正在做的就是在AS3中检索图像并将它们分配给位图。

更新

从不安全的服务器调用我们的安全服务器时,似乎只会出现此问题。这是禁止的,还是有办法解决这个问题?

6 个答案:

答案 0 :(得分:3)

您的更新可以解答您的整个问题:
“从不安全的服务器调用我们的安全服务器时,似乎只会发生这个问题。这是否被禁止,或者是否有解决方法?”

特别是当我们查看您的政策文件的重要部分时:

<allow-access-from domain="*" secure="true"/>

'secure = True'部分意味着您非常明确地不允许调用mix-n-match安全连接和不安全连接,它们必须都是安全的。通过在那里拥有“真正的”价值,你就是那个禁止它的人。当然,解决方法是将其设置为'secure = False',就像在此处发布的其他几个策略文件一样。

答案 1 :(得分:2)

如果您尝试从http端口与https端口进行通信,则会出现“swf因缺少策略文件权限而被拒绝”以避免此类错误,您可以在crossdomain中包含以下标记.XML 

  < allow-access-from domain="*" secure="false" to-ports="*" >

这解决了“安全沙箱违规”

如果您收到警告msg “未指定元策略。应用默认元策略'master-only'。”将以下标记放在crossdomain.xml中

 < site-control permitted-cross-domain-policies="all" >

答案 2 :(得分:1)

如果有帮助,我已经加入了我们的跨域政策。我们唯一不同的是站点控制标签。

<cross-domain-policy xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
   <site-control permitted-cross-domain-policies="all"/> 
   <allow-http-request-headers-from domain="*"/> 
   <allow-access-from domain="*" secure="false" to-ports="*"/>
</cross-domain-policy>

答案 3 :(得分:0)

我是一个ActionScript noobie,但是Security.allowDomain("domain.com")做了诀窍吗?

答案 4 :(得分:0)

我在你发布的内容中看到了

OK: Root-level SWF loaded: http://cool.com:81/WEBPLAYERAS3.swf

这告诉我你的swf正在装载到端口81上 您在哪个端口上发布了跨域? 这对于您正在使用的每个端口都有一个非常重要。

答案 5 :(得分:0)

除了在'allow-access-from'标记中设置secure =“false”之外,还要在'allow-http-request-headers-from'标记中设置secure =“false”。您的crossdomain.xml应如下所示 - 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="SOAPAction"  secure="false"/>
</cross-domain-policy>
相关问题
最新问题