由于缺乏策略文件权限而被拒绝

发布于 2024-08-17 05:23:53 字数 929 浏览 6 评论 0原文

我无法访问我的雅虎！要运行的应用程序平台我不断被拒绝访问，即使他们的策略文件接受来自任何域的请求。

OK: Policy file accepted: http://social.yahooapis.com/crossdomain.xml
Error: Request for resource at http://social.yahooapis.com/v1/user/<user id>/profile?oauth_signature_method=HMAC-SHA1&lang=en-US&oauth_consumer_key=<key>&oauth_token=<long ass token>&oauth_version=1.0&format=json&oauth_nonce=<blah blah>&oauth_timestamp=1262846353&region=US&oauth_signature=<foo bar> by requestor from http://<my domain>/YOSSimple.swf is denied due to lack of policy file permissions.

顺便说一句，该网址有效，我编辑了一些内容，因为它有我的密钥和内容。

指向我正在尝试做的事情的链接

http://developer.yahoo.com/flash/yos/
http://developer.yahoo.com/flash/yos/examples/simple/YOSSimple.fla

YOSSimple 实际上会正确创建 URL，因为如果我在浏览器中键入它，系统会提示我是否要下载包含有关我的个人资料的信息的文件。

但它只是无法在 Flash 中打开它。

原文

I can't get my Yahoo! Application Platform to run I keep getting denied access even though their policy file accepts requests from any domain.

OK: Policy file accepted: http://social.yahooapis.com/crossdomain.xml
Error: Request for resource at http://social.yahooapis.com/v1/user/<user id>/profile?oauth_signature_method=HMAC-SHA1&lang=en-US&oauth_consumer_key=<key>&oauth_token=<long ass token>&oauth_version=1.0&format=json&oauth_nonce=<blah blah>&oauth_timestamp=1262846353®ion=US&oauth_signature=<foo bar> by requestor from http://<my domain>/YOSSimple.swf is denied due to lack of policy file permissions.

The url works btw, I editted some stuff out since it has my keys and stuff.

Links to the stuff I'm trying to do

http://developer.yahoo.com/flash/yos/
http://developer.yahoo.com/flash/yos/examples/simple/YOSSimple.fla

YOSSimple properly creates the url actually since if I type it in my browser I'm prompted if I want to download the file that contains information regarding my profile.

But it just wont open it in Flash.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

走野 2024-08-24 05:23:53

我猜它不会自动加载策略文件。你应该尝试使用
Security.loadPolicyFile("http://social.yahooapis.com/crossdomain.xml");

您是否安装了网络代理，可以通过它监控到底加载了哪些文件？我最喜欢的是 Charles 但也有免费的 FF 插件，例如 Httpfox

编辑：
我想我知道出了什么问题。相反，这是错误的，来自 yahoo 的 swf 正在尝试访问您的 swf，但没有正确的权限。你会尝试吗

Security.allowDomain( 'http://social.yahooapis.com/' );

I'm guessing that it's not loading the policy file automatically. You should try using
Security.loadPolicyFile("http://social.yahooapis.com/crossdomain.xml");

Do you have a webproxy installed with which you can monitor what files exactly are loaded? My favorite is Charles but there are also free FF plugins like Httpfox

EDIT:
I think I know what's going wrong. It's going wrong the other way around, the swf from yahoo is trying to access your swf, but doesn't have the correct permissions. Would you try

Security.allowDomain( 'http://social.yahooapis.com/' );

回复收藏 0 原文

独享拥抱 2024-08-24 05:23:53

http://www.ieinspector.com/httpanalyzer/

使用 HTTP 分析器查看发生了什么？

还要检查您的 http://www 是否不匹配。与 http:// 一样，因为 flash 将它们视为不同的域，

而且您是否在计算机上本地运行代码。这可能是您本地的安全设置

回复收藏 0 原文

笑叹一世浮沉 2024-08-24 05:23:53

一个简单的 WebProxy 可以解决这个问题：

<?php
    // PHP Proxy
    // Loads a XML from any location. Used with Flash/Flex apps to bypass security restrictions
    // usage: proxy.php?url=http://mysite.com/myxml.xml

    $session = curl_init($_GET['url']);                    // Open the Curl session
    curl_setopt($session, CURLOPT_HEADER, false);          // Don't return HTTP headers
    curl_setopt($session, CURLOPT_RETURNTRANSFER, true);   // Do return the contents of the call
    $xml = curl_exec($session);                            // Make the call
    header("Content-Type: text/xml");                  // Set the content type appropriately
    echo $xml;        // Spit out the xml
    curl_close($session); // And close the session
?>

A simple WebProxy will fix this:

<?php
    // PHP Proxy
    // Loads a XML from any location. Used with Flash/Flex apps to bypass security restrictions
    // usage: proxy.php?url=http://mysite.com/myxml.xml

    $session = curl_init($_GET['url']);                    // Open the Curl session
    curl_setopt($session, CURLOPT_HEADER, false);          // Don't return HTTP headers
    curl_setopt($session, CURLOPT_RETURNTRANSFER, true);   // Do return the contents of the call
    $xml = curl_exec($session);                            // Make the call
    header("Content-Type: text/xml");                  // Set the content type appropriately
    echo $xml;        // Spit out the xml
    curl_close($session); // And close the session
?>

回复收藏 0 原文

花桑 2024-08-24 05:23:53

修改上面的 Web 代理示例以支持多个选项，如下所示：

$sOptions = "";

foreach($_GET as $sIndex => $sValue) {
  if ($sIndex == 'url') {
    $url = $sValue;
  } 
  else {
    if (strlen($sIndex) > 0) {
      $sOptions .= "&" . $sIndex;
    }
    if (strlen($sValue) > 0) {
      $sOptions .= "=" . $sValue;
    }
  }
}

$url .= $sOptions;

$session = curl_init($url); // Open the Curl session

Modify the web proxy example above to support multiple options as follows:

$sOptions = "";

foreach($_GET as $sIndex => $sValue) {
  if ($sIndex == 'url') {
    $url = $sValue;
  } 
  else {
    if (strlen($sIndex) > 0) {
      $sOptions .= "&" . $sIndex;
    }
    if (strlen($sValue) > 0) {
      $sOptions .= "=" . $sValue;
    }
  }
}

$url .= $sOptions;

$session = curl_init($url); // Open the Curl session

回复收藏 0 原文

~没有更多了~