是否有可靠的方法来确保为所有 Facebook 图像服务器检索跨域策略文件?
我最近开始组装 Facebook Connect AS3 应用程序并通过 Graph API 检索对象和图像。
在本地以外的任何地方运行,我收到以下形式的安全错误:
SecurityError:错误 #2122:安全沙箱违规:Loader.content:xxxx 无法访问 http:/ /photos-a.ak.fbcdn.net/xxxx.jpg 需要策略文件,但加载此媒体时未设置 checkPolicyFile 标志。
如果我添加一行以下形式:
Security.loadPolicyFile("ht_tp://photos-a.ak.fbcdn.net/crossdomain.xml");
-那么我适合该服务器,但似乎有许多具有照片-[字母]格式的域。我已经为字母表中的每一个添加了一个 - 它很高兴成功地检索跨域文件 - 但这似乎不是一个很好的解决方案,并且不适应 Facebook may 将实施的任何新托管设置将来。
我考虑过的一件事是在每个图像的基础上检索跨域策略文件,在发出图像请求之前从图像 URL 捕获域。不幸的是,至少通过 Graph 解决方案(我没有太仔细地研究其他解决方案),他们的服务器在发出请求后解析图像 url,从更通用的东西,如:
ht_tps://graph.facebook.com/[objectId]/picture?type=small&access_token=[accessToken]
有没有人找到更可靠的方法来确保可以在不违反安全沙箱的情况下检索图像?或者 Facebook 是否保留了开发者需要关注的明确列表?
谢谢!
I've recently started putting together a Facebook Connect AS3 app and retrieving objects and images through the Graph API.
Running anywhere but locally, I receive security errors of the form:
SecurityError: Error #2122: Security sandbox violation: Loader.content: xxxx cannot access http://photos-a.ak.fbcdn.net/xxxx.jpg
A policy file is required, but the checkPolicyFile flag was not set when this media was loaded.
If I add a line of the form:
Security.loadPolicyFile("ht_tp://photos-a.ak.fbcdn.net/crossdomain.xml");
-then I'm fine for that server, but it seems that there are any number of domains with the photos-[letter] format. I've added the one for each in the alphabet - which happily retrieves crossdomain files successfully - but it doesn't seem like a nice solution, and doesn't accommodate any new hosting setups Facebook may will implement in the future.
One thing I'd considered was retrieving the crossdomain policy file on a per image basis, capturing the domain from the image URL before making the image request. Unfortunately, at least via the Graph solution (and I haven't looked too closely at the others), their servers resolve the image url after the request is made, from something more generic like:
ht_tps://graph.facebook.com/[objectId]/picture?type=small&access_token=[accessToken]
Has anyone found a more dependable means of ensuring that images can be retrieved without security sandbox violations? Or do Facebook maintain a definitive list that developers need to keep an eye on?
Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
在应用程序的开头加载 facebook 跨域,如下所示;
然后每当你想从 facebook 加载图像时,使用 Loader 的 LoaderContext 将 checkPolicy 标志设置为 true ,如下所示;
Load the facebook crossdomains on the initial of your application as below;
and then whenever you want to load an image from facebook, set the checkPolicy flag to true using the Loader's LoaderContext as below;
理想情况下,我猜测您希望 Flash 自行获取策略文件,而不是使用
Security.loadPolicyFile触发它。您是否尝试过简单地为 Loader 的 LoaderContext 设置checkPolicyFile标志?另外,我相信当您使用
URLLoader而不是Loader时,Flash 会自动请求策略文件,因此您也可以尝试一下。棘手的是,如果您使用Loader,即使没有跨域策略,Flash 也会让您显示已加载的内容,因此除非您告诉它,否则它不会加载。当您使用URLLoader时,除非存在策略文件,否则不允许加载本身,因此 Flash 会自动获取它。Ideally I would guess that you'd want Flash to get the policy file on its own, rather than triggering it with
Security.loadPolicyFile. Have you tried simply setting thecheckPolicyFileflag for your Loader'sLoaderContext?Alternately, I believe that when you use
URLLoaderinstead ofLoader, Flash will request a policy file automatically, so you could try that as well. The tricky thing is that if you useLoader, Flash will let you display what you've loaded even without a crossdomain policy, so it doesn't load one unless you tell it to. When you useURLLoader, the load itself is not allowed unless there's a policy file, so Flash gets it automatically.