在非根目录中刷新 crossdomain.xml
我有一个在 http://server/abc/service 中运行的 Web 服务,Flash 从不同的域。我将跨域策略文件部署到 http://server/abc/crossdomain.xml 并制作了Flash 使用以下方式加载它:
flash.system.Security.loadPolicyFile("http://server/abc/crossdomain.xml");
在主影片剪辑的构造函数中。但是,当 Flash 启动时,它会请求并加载该文件(在 Firebug 中观察到),但随后它还会从服务器的根目录请求该文件(即从 http://server/crossdomain.xml) 不存在。后续 HTTP 请求不起作用,报告安全跨域错误。当我将策略文件放入服务器的根目录时,一切正常。
为什么它从根目录请求策略文件,甚至认为它是从子目录加载的?为什么子目录策略文件不够用?
我还应该注意到,这两个策略文件是在发出任何应用程序 HTTP 请求之前加载的。
I have a web service running in http://server/abc/service which is being accessed by Flash from a different domain. I deployed a cross domain policy file to http://server/abc/crossdomain.xml and made the Flash load it using:
flash.system.Security.loadPolicyFile("http://server/abc/crossdomain.xml");
in the constructor of the main movie clip. However, when the Flash starts, it requests and loads this file (observed in Firebug), but then it also requests it from the root of the server (i.e. from http://server/crossdomain.xml) which does not exist. Subsequent HTTP requests don't work reporting security cross domain errors. When I put the policy file to the root of the server, it all works.
Why does it request the policy file from the root as well even thought it loads it from the subdirectory? Why the subdirectory policy file is not enough?
I should also note that the two policy files are loaded before any application HTTP requests are issued.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我认为它必须验证主策略文件是否允许备用策略文件设置权限。
这是一篇有趣的文章,其中包含一些小知识:
I think it has to verify that the master policy file allows the alternate policy file to set permissions.
Here's an interesting article with this little tidbit:
策略文件必须位于服务器上的 Web 根目录中。这是为了确保可能控制服务器上子文件夹的人无法运行“官方”站点(例如根)不支持的策略。
A policy file has to be in the root Web directory on the server. That's to ensure that someone who perhaps controls a sub-folder on the server can't run a policy that the "official" site (eg; the root) doesn't support.