另一个 crosdomain.xml 问题或:“如何正确解释文档”
我已经阅读了很多有关 Flash Player 的新策略的内容,也了解了主策略文件。 现在想象一下以下情况: 有两台服务器在自定义端口上运行服务(http)
- servera.com:2222/websiteA
- serverb.com:3333/websiteB
现在我从服务器 a 打开一个 swf (例如 servera.com:2222/websiteA/A.swf)想要访问serverb的服务。 当然,我需要在正确的位置放置一个 crossdomain.xml,并且可能有多种变体。 我不想使用主策略文件,因为我可能无法控制两台服务器的根。
我发现的一种解决方案适用于以下跨域:
<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>
在 serverb.com:3333/websiteB/crossdomain.xml 提供服务
所以现在我的问题: 是否可以在允许访问规则中去掉 "*" 并使用适当的(不像 * 那么通用)域名? 我所有的尝试都失败了,据我了解,这应该是可能的。
I have read a lot about the new policy-policy of flash player and also know the master policy file.
Now image the following situation:
There are two servers with services (http) running at custom ports
- servera.com:2222/websiteA
- serverb.com:3333/websiteB
Now I open a swf from server a (eg. servera.com:2222/websiteA/A.swf) that wants to access the service of serverb.
Of course I need a crossdomain.xml at the right place and there are multiple variations possible.
I dont want to use a master policy file, as I might not have control over the root of both servers.
One solution I found works with the following crossdomain:
<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>
served at serverb.com:3333/websiteB/crossdomain.xml
So now for my question:
Is it possible to get rid of the "*" and use a proper (not as general as *) domainname in the allow-access-from rule?
All my attempts failed, and from what I understand it should be possible.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
尝试:(
您可能还必须指定来自域的端口 - 我已经有一段时间不需要处理跨域和端口了。
Try:
(you may have to specify the port for the from domain as well - I haven't had to deal w/ cross domain w/ ports in a while.
使用跨域策略文件时要非常小心。如果您使用 cookie 身份验证或 serverb.com 位于内部网络上,则不应使用跨域策略。或者,您可以使用 servera.com 上的代理来代理对 serverb.com 的请求。这将避免跨域请求。
您还应该使用 mm.cfg 文件设置日志记录,其中包含:
这会将错误记录到文本文件中。查看有关设置 mm.cfg 文件的详细信息。
Be very careful with crossdomain policy files. If you are using cookie auth or if serverb.com is on an internal network then you should not use a crossdomain policy. Alternatively you can use a proxy on servera.com that proxies the requests to serverb.com. That would avoid the crossdomain request.
You should also setup logging using an mm.cfg file containing:
That will log the errors to a text file. Check out more details on setting up the mm.cfg file.