Flex crossdomain.xml 在 Chrome/Firefox 中无法正常工作?
我在这上面花了很多时间,所以这就是我陷入困境的地方。
我正在使用调试播放器 10.1 从以下位置获取 XMLA 请求:
http://localhost/dir/blah.swf
到:
http://localhost/olapbin/msblah.dll
这在文件系统中运行良好,但现在它在 IIS7 Web 服务器上。
经过大量摆弄 crossdomain.xml 文件后,我决定将
<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" to-ports="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
其放置在:
http://localhost/crossdomain.xml
并阅读:
Security.loadPolicyFile("http://localhost:80/crossdomain.xml");
我设置策略文件日志记录(这有助于提出上述文件) 在 IE8 上一切正常。我得到:
OK: Root-level SWF loaded: http://127.0.0.1/akts/ThinSlicerRunner.swf
OK: Policy file accepted: http://localhost/crossdomain.xml
OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at http://localhost/olapbin/msmdpump.dll by requestor from http://127.0.0.1/akts/ThinSlicerRunner.swf
OK: Searching for <allow-http-request-headers-from> in policy files to authorize header sending to URL http://localhost/olapbin/msmdpump.dll by requestor from http://127.0.0.1/akts/ThinSlicerRunner.swf
OK: Request for resource at http://localhost/olapbin/msmdpump.dll by requestor from http://127.0.0.1/akts/ThinSlicerRunner.swf is permitted due to policy file at http://localhost/crossdomain.xml
在 Chrome 和 Firefox 上,我只是得到:
OK: Root-level SWF loaded: http://localhost/akts/ThinSlicerRunner.swf
OK: Policy file accepted: http://localhost/crossdomain.xml
没有其他的...没有尝试授权 httpservice 请求。
在主要的 Flex 错误日志中,我得到:
*** Security Sandbox Violation ***
Connection to
http://localhost/olapbin/msmdpump.dll
halted - not permitted from http://localhost/akts/ThinSlicerRunner.swf
当我从 IE8 运行相同的东西时,不会出现。 知道发生了什么事吗?
按要求...更多代码
主要发送请求:
var connection:TsConnection = this.__connection;
var token:AsyncToken = new AsyncToken(null);
connection.service.request = this.__curSoapRequest;
var actualToken:AsyncToken = connection.service.send();
__tokenArr.push(actualToken);
var responder:AsyncResponder = new AsyncResponder(resultHandler, faultHandler, actualToken);
__responderArr.push(responder);
actualToken.addResponder(responder);
连接对象亮点:
public function init():void {
//Initialize the service object needed to query the server
this.__service = new HTTPService;
this.__service.method = "POST";
this.__service.contentType = "application/xml";
this.__service.resultFormat = "e4x";
this.__service.headers = getHeaders();
this.__service.url = this.__model.xmlaUrl;
this.__initialized = true;
}
public function get service():HTTPService {
return this.__service;
}
private function getHeaders():Object {
var o:Object = {};
o["SOAPAction"] = '"urn:schemas-microsoft-com:xml-analysis:Discover"';
o["Content-Type"] = "text/xml";
return o;
}
感谢您的帮助...希望这可以帮助其他人修复。 ;-)
I've spent quite a bit of time on this so here's where I'm stuck.
I'm using the debug player 10.1 to get an XMLA request from:
http://localhost/dir/blah.swf
to:
http://localhost/olapbin/msblah.dll
This worked fine in the filesystem, but now its on an IIS7 web server.
After a lot of fiddling with the crossdomain.xml file I settled on:
<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" to-ports="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
which is placed in:
http://localhost/crossdomain.xml
and read with:
Security.loadPolicyFile("http://localhost:80/crossdomain.xml");
I setup Policy file logging (which helped come up with the above file)
and on IE8 its all working just fine. I get:
OK: Root-level SWF loaded: http://127.0.0.1/akts/ThinSlicerRunner.swf
OK: Policy file accepted: http://localhost/crossdomain.xml
OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at http://localhost/olapbin/msmdpump.dll by requestor from http://127.0.0.1/akts/ThinSlicerRunner.swf
OK: Searching for <allow-http-request-headers-from> in policy files to authorize header sending to URL http://localhost/olapbin/msmdpump.dll by requestor from http://127.0.0.1/akts/ThinSlicerRunner.swf
OK: Request for resource at http://localhost/olapbin/msmdpump.dll by requestor from http://127.0.0.1/akts/ThinSlicerRunner.swf is permitted due to policy file at http://localhost/crossdomain.xml
On Chrome and Firefox I just get:
OK: Root-level SWF loaded: http://localhost/akts/ThinSlicerRunner.swf
OK: Policy file accepted: http://localhost/crossdomain.xml
and nothing else... no attempts to authorize the httpservice requests.
In the main flex error log I get:
*** Security Sandbox Violation ***
Connection to
http://localhost/olapbin/msmdpump.dll
halted - not permitted from http://localhost/akts/ThinSlicerRunner.swf
Which doesn't appear when I run the same thing from IE8.
Any idea what's going on ??
AS REQUESTED... MORE CODE
Main sending request:
var connection:TsConnection = this.__connection;
var token:AsyncToken = new AsyncToken(null);
connection.service.request = this.__curSoapRequest;
var actualToken:AsyncToken = connection.service.send();
__tokenArr.push(actualToken);
var responder:AsyncResponder = new AsyncResponder(resultHandler, faultHandler, actualToken);
__responderArr.push(responder);
actualToken.addResponder(responder);
Connection object highlights:
public function init():void {
//Initialize the service object needed to query the server
this.__service = new HTTPService;
this.__service.method = "POST";
this.__service.contentType = "application/xml";
this.__service.resultFormat = "e4x";
this.__service.headers = getHeaders();
this.__service.url = this.__model.xmlaUrl;
this.__initialized = true;
}
public function get service():HTTPService {
return this.__service;
}
private function getHeaders():Object {
var o:Object = {};
o["SOAPAction"] = '"urn:schemas-microsoft-com:xml-analysis:Discover"';
o["Content-Type"] = "text/xml";
return o;
}
Thanks for your help ... hope this helps others when fixed. ;-)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
感谢大家的回答。确实可以在代码中解决
即使这不完全是一个真正的编码问题。
这是我从中读取配置详细信息的 xml 数据文件:
现在在“localTrusted”或“localWithNetworking”设置上,这工作得很好。
即使在“远程”模式下,它也适用于 IE8 Flash 播放器。
然而,发生的情况是 xmlaUrl 被读取为:(
开头有换行符和回车符)
这就是域名检查和沙盒违规的混淆之处
在“远程”安全沙箱中运行时。
当然,我的xml应该更好,也许放入一些忽略白色
代码中的空间处理,但仍然有些奇怪,不一致
Netscape 兼容浏览器 (10.1.x) 中 Flash 播放器代码的行为。
因此,最终的可行解决方案如下所示:
不过,我确实在此过程中成为了 crossdomain.xml 专家。 ;-)
不过,现在我根本不需要该文件。
请记住,如果您看到一些疯狂且无法解释的沙盒违规行为,请检查
您的服务网址中存在空格。
Thanks for everyone's answers. It was indeed able to be solved in the code
even if it wasn't exactly a true coding problem.
Here is the xml data file I was reading the configuration details from:
Now on the "localTrusted" or "localWithNetworking" setup, this was working just fine.
It also works on the IE8 Flash player even in "remote".
However, what was happening was that the xmlaUrl was being read as:
(with the newline and carriage return at the start)
This is was what was confusing the domain checking and throwing a Sandbox Violation
when run in the "remote" security sandbox.
Of course, my xml should have been better, and maybe put in some ignore white
space processing in the code, but still its quite some bizarre, inconsistent
behavior from the Flash player code in Netscape compatible browsers (10.1.x).
So the final, working solution looks like this:
I did become a crossdomain.xml expert in the process though. ;-)
Although, now I don't need the file at all.
Bear it in mind if you see some crazy unexplained Sandbox Violations, check for
white space in your service url.
如果您的 DLL 后端服务和 SWF 由同一域提供服务,则应该允许。 crossdomain.xml 文件中的任何内容都不适用。您也不应该手动加载跨域文件。听起来这就是你正在尝试做的事情。
我怀疑您的代码还发生了其他问题。
If your DLL backend service and SWF are served from the same domain, it should be allowed. Nothing in the crossdomain.xml file should apply. You should not have to load the crossdomain file manually either. It sounds like that is what you're trying to do.
I suspect something else is going on with your code.