Flex:尝试访问 Google Checkout 时出现安全错误
我正在尝试将 Flex 应用程序与 Google Checkout 集成,在我的本地计算机上运行良好的代码在我的网站上进行测试时抛出安全错误。
这是错误:
Warning: Failed to load policy file from https://sandbox.google.com/crossdomain.xml
*** Security Sandbox Violation ***
Connection to https://sandbox.google.com/checkout/api/checkout/v2/request/Merchant/12345 halted - not permitted from http://www.mysite.com/demo/cartTest/main.swf
ERROR (flash.events::SecurityErrorEvent)#0
bubbles = false
cancelable = false
currentTarget = (flash.net::URLLoader)#1
bytesLoaded = 0
bytesTotal = 0
data = (null)
dataFormat = "text"
eventPhase = 2
target = (flash.net::URLLoader)#1
text = "Error #2170: Security sandbox violation: http://www.mysite.com/demo/cartTest/main.swf cannot send HTTP headers to https://sandbox.google.com/checkout/api/checkout/v2/request/Merchant/12345."
type = "securityError"
Error: Request for resource at https://sandbox.google.com/checkout/api/checkout/v2/request/Merchant/12345 by requestor from http://www.mysite.com/demo/cartTest/main.swf is denied due to lack of policy file permissions.
就像我说的,它在本地运行良好。如何解决此安全错误?
I'm trying to integrate a Flex app with Google Checkout and code that runs fine on my local machine is throwing a Security Error when I test on my site.
Here's the error:
Warning: Failed to load policy file from https://sandbox.google.com/crossdomain.xml
*** Security Sandbox Violation ***
Connection to https://sandbox.google.com/checkout/api/checkout/v2/request/Merchant/12345 halted - not permitted from http://www.mysite.com/demo/cartTest/main.swf
ERROR (flash.events::SecurityErrorEvent)#0
bubbles = false
cancelable = false
currentTarget = (flash.net::URLLoader)#1
bytesLoaded = 0
bytesTotal = 0
data = (null)
dataFormat = "text"
eventPhase = 2
target = (flash.net::URLLoader)#1
text = "Error #2170: Security sandbox violation: http://www.mysite.com/demo/cartTest/main.swf cannot send HTTP headers to https://sandbox.google.com/checkout/api/checkout/v2/request/Merchant/12345."
type = "securityError"
Error: Request for resource at https://sandbox.google.com/checkout/api/checkout/v2/request/Merchant/12345 by requestor from http://www.mysite.com/demo/cartTest/main.swf is denied due to lack of policy file permissions.
Like I said, it runs fine locally. How can I get around this security error?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
为了解决这个问题,我在 Flex 中组装了一个 html 表单,然后将其传递给页面上的 js,将其附加到页面上的空表单中,然后提交该表单。我将表单隐藏起来,以便所有 UI 输入和操作都发生在 swf 中。我不喜欢它,但我会忍受它。
To get around this one, I assembled an html form in Flex and then passed it out to the js on the page, had it appended to an empty form on the page and then submitted the form. I'm keeping the form hidden so all of the UI input and actions happen in the swf. I don't love it but I'll live with it.
crossdomain.xml 文件是一种安全约束,通常旨在防止恶意行为。当您在本地运行 SWF 时,权限会有所不同。
如果您向其他域发出请求,则该其他域必须托管 crossdomain.xml 文件。如果他们不这样做,那就行不通。例如,Amazon 托管 crossdomain.xml 文件。
之前的 StackOverflow 线程为您提供了一些选项。
另请参阅 Curtis Morley 的 帖子在 crossdomain.xml 文件上。
The crossdomain.xml file is a security constraint generally designed to prevent malicious behaviors. The permissions are different when you run the SWF locally.
If you are making a request to a different domain, that other domain must host a crossdomain.xml file. If they do not, it will not work. Amazon, for example, hosts a crossdomain.xml file.
This prior StackOverflow thread gives you some options.
Also see Curtis Morley's post on crossdomain.xml files.
您正在从
http:加载 swf 并尝试访问https:URL。默认情况下,这将被阻止(错误#2170)。
为了使其正常工作,目标域(您尝试从 Flash 访问的域)应该有一个允许不安全访问的
/crossdomain.xml(secure="false")。如果您可以在您的目标 URL 的根目录(即 https://sandbox.google.com/crossdomain.xml有关安全标志的更多信息:http://www.adobe.com/devnet/..../fplayer9_security.html#_Secure_Domain_Lists
You're loading an swf from
http:and trying to access anhttps:URL.By default this will be blocked (error #2170).
To make it work the target domain (the one you're trying to access from Flash) should have a
/crossdomain.xmlwhich allows insecure access (secure="false"). The followingcrossdomain.xmlwould have worked in your case if only you could make it accessible at the root of your target URL, i.e. https://sandbox.google.com/crossdomain.xmlMore about the secure flag here: http://www.adobe.com/devnet/..../fplayer9_security.html#_Secure_Domain_Lists