如何阻止 ustream 的嵌入式视频播放器从 https 抛出动作脚本错误?
我正在开发一个应用程序,可以从 ustream 的分水岭流式传输实时视频。 (watershed.ustream.tv)
嵌入式播放器可以正常工作,直到我将其置于 ssl 后面。 Chrome 显示 ssl 已损坏...但不会引发错误。 IE8 没有显示任何错误,但 Firefox 抛出动作脚本错误:
Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://cdn1.ustream.tv/swf/4/viewer.rsl.567.swf? cannot load data from https://sb.scorecardresearch.com/p?assorted-querystring-parameters-removed-for-SO-post
at tv.ustream.viewer.logic.media::Recorded/comScoreBeacon()
at tv.ustream.viewer.logic.media::Recorded/createConviva()
at tv.ustream.viewer.logic.media::Channel/connect()
at tv.ustream.viewer.logic.media::Channel/parseGwResponse()
at tv.ustream.viewer.logic.media::Recorded/onGwResult()
我正在使用的嵌入代码来自 ustream 的分水岭...我只修改了 with 和 height:
<object classid="clsid:000000000000000000000000" width="685" height="476" id="000000">
<param name="flashvars" value="autoplay=false&brand=embed&cid=000000%2FXXXXchannelinfoXXXX&locale=en_US"/>
<param name="allowfullscreen" value="true"/>
<param name="allowscriptaccess" value="always"/>
<param name="movie" value="http://www.ustream.tv/flash/live/0000/XXXXchannelinfoXXXX"/>
<embed
flashvars="autoplay=false&brand=embed&cid=000%2FXXXXchannelinfoXXXX&locale=en_US"
width="685"
height="476"
allowfullscreen="true"
allowscriptaccess="always"
id="0000000000"
name="0000000000"
src="http://www.ustream.tv/flash/live/000/XXXXchannelinfoXXXX" type="application/x-shockwave-flash"/>
</object>
所以我需要弄清楚如何将其嵌入到 ssl 后面没有它抛出动作脚本错误...有什么想法吗?
I am developing an application that streams live video from ustream's watershed. (watershed.ustream.tv)
The embedded player works until I put it behind an ssl. Chrome shows the ssl as broken... but doesn't throw an error. IE8 doesn't show anything wrong, but firefox throws actionscript errors:
Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://cdn1.ustream.tv/swf/4/viewer.rsl.567.swf? cannot load data from https://sb.scorecardresearch.com/p?assorted-querystring-parameters-removed-for-SO-post
at tv.ustream.viewer.logic.media::Recorded/comScoreBeacon()
at tv.ustream.viewer.logic.media::Recorded/createConviva()
at tv.ustream.viewer.logic.media::Channel/connect()
at tv.ustream.viewer.logic.media::Channel/parseGwResponse()
at tv.ustream.viewer.logic.media::Recorded/onGwResult()
The embed code that I'm using came from ustream's watershed... I only modified the with and height:
<object classid="clsid:000000000000000000000000" width="685" height="476" id="000000">
<param name="flashvars" value="autoplay=false&brand=embed&cid=000000%2FXXXXchannelinfoXXXX&locale=en_US"/>
<param name="allowfullscreen" value="true"/>
<param name="allowscriptaccess" value="always"/>
<param name="movie" value="http://www.ustream.tv/flash/live/0000/XXXXchannelinfoXXXX"/>
<embed
flashvars="autoplay=false&brand=embed&cid=000%2FXXXXchannelinfoXXXX&locale=en_US"
width="685"
height="476"
allowfullscreen="true"
allowscriptaccess="always"
id="0000000000"
name="0000000000"
src="http://www.ustream.tv/flash/live/000/XXXXchannelinfoXXXX" type="application/x-shockwave-flash"/>
</object>
So I need to figure out how to embed this behind an ssl without it throwing actionscript errors... any ideas?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
简短的回答是;你不能。
经过许多天的与他们的播放器闲逛、浏览他们的文档、在论坛上发帖、研究动作脚本、下载他们的示例 fla 文件并修改它们之后,ustream 上的分水岭在从 ssl 后面提供服务时总是容易受到攻击。
有关详细信息,请参阅此帖子:当页面通过 https 传递安全和非安全项目时,安全项目是否会受到损害?
The short answer is; You can't.
After many days of of monkeying around with their player, looking through their docs, posting in forums, researching actionscript, and downloading their sample fla files and tinkering with them, watershed on ustream will always be vulnerable when it is served from behind an ssl.
For more information, see this post: When a page delivers secure and non-secure items over https, are the secure items compromised?