将大型 swf 移动到 S3 会导致安全问题

发布于 2024-09-26 20:58:27 字数 691 浏览 6 评论 0原文

我继承了一个完全用 Flash 构建的网站,主 swf 有 4.5MB 大(哎呀!)。正如您可能猜到的那样,这给我的客户带来了巨额托管费用。为了解决这个问题,我想将这个整体 swf 移动到 Amazon S3,但是,这会导致安全问题。

这就是当前加载大型 swf 的方式; mydomain.com 上的 loader.swf 正在从 s3.amazonaws.com 加载大型 swf。然而,这是有效的,大型 swf 依次从 mydomain.com 加载资源。我希望,由于 loader.swf(在我的域上)正在加载大型 swf,因此大型 swf 将存在于 loader.swf 的上下文中。

我尝试在两个 swf 中放置一个 Security.allowDomain 指向彼此的域,但这似乎并不能解决问题。我目前正在尝试解决的错误是:

-- Remote SWFs may not access local files.
SecurityError: Error #2148: SWF file https://s3.amazonaws.com/static.mydomain.com/verylarge.swf cannot access local resource 

任何解决此问题的帮助将不胜感激。

I have inherited a website which is build entirely in Flash and the main swf is 4.5MB large (ouch!). As you might guess this has caused a large hosting bill for my client. To solve the issue somewhat I want to move this monolithic swf to Amazon S3, however, this is causing security issues.

This is how the larget swf is currently being loaded; A loader.swf on mydomain.com is loading the large swf from s3.amazonaws.com. This works, however, the large swf is in turn loading assets from mydomain.com. I was hoping that since the loader.swf (on my domain) is loading the large swf, that the large swf would live in the context of the loader.swf.

I have tried putting a Security.allowDomain in both swf's pointing to each others domains but this doesn't seem to solve the issue. The error that I'm currently trying to solve is:

-- Remote SWFs may not access local files.
SecurityError: Error #2148: SWF file https://s3.amazonaws.com/static.mydomain.com/verylarge.swf cannot access local resource 

Any help tackling this problem would be greatly appreciated.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

甜味拾荒者 2024-10-03 20:58:27

您可能需要 S3 上的跨域策略文件,以允许从您的域进行访问

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
  "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="yourdomain.com"/>
  <allow-access-from domain="s3.amazonaws.com/static.mydomain.com"/>
</cross-domain-policy>

You may need a crossdomain policy file on S3 , allowing access from your domain

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
  "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="yourdomain.com"/>
  <allow-access-from domain="s3.amazonaws.com/static.mydomain.com"/>
</cross-domain-policy>
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文