jwplayer 不支持 crossdomain.xml
我在这个网站上有一个视频播放器 http://aiskacang.com/crawl/pseudo.html
播放器加载flv视频文件见来自另一个域的 .flv。 目前,即使 seeon.flv 所在的服务器中没有 crossdomain.xml,视频也可以正常加载。 这不是我想要或期望的行为。
我还尝试放置包含以下内容的 crossdomain.xml:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="none"/>
</cross-domain-policy>
从 firebug 中,我可以看到在访问视频文件(seeon.flv)之前有一个对 crossdomain.xml 的请求。 它返回内容fine,内容类型为application/xml,但它仍然允许跨域行为。
有什么想法吗?
I have a video player on this site
http://aiskacang.com/crawl/pseudo.html
The player loads a flv video file seeon.flv from another domain.
Currently, even without a crossdomain.xml in the server where seeon.flv is located, the video is loaded fine.
This is not the behavior I want or expect it to be.
I also tried putting a crossdomain.xml with the following content:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="none"/>
</cross-domain-policy>
From firebug, I could see that there's a request to the crossdomain.xml before accessing the video file (seeon.flv).
It returns the content fine , with the Content-type of application/xml, but it still allow the cross domain behavior.
Any idea ?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
听起来您可能对跨域策略的使用感到困惑。禁止跨域访问并不会阻止内容的加载和显示。它只是在加载并显示目标后限制来自不同域的内容之间的访问。例如,如果 A.swf 加载 B.swf,A 将无法调用 B 内部的方法。但 B 仍会被加载。
听起来您想要的是热链接保护,这通常在网络服务器级别完成。 (也就是说,您在 FLV 服务器上的 Apache/IIS/等中制定规则,以防止将其提供给其他域的页面。)
It sounds like you may be confusing the use of crossdomain policies. Disallowing crossdomain access doesn't prevent content from being loaded and displayed. It just limits access between content from different domains after the target has been loaded and displayed. For example, if A.swf loads B.swf, A will be unable to call methods inside B. But B will still get loaded.
It sounds like what you want is hotlinking protection, which is normally done at the webserver level. (That is, you make a rule in Apache/IIS/etc. on the FLV's server to prevent it from being served to other domain's pages.)
为了保护您的 Jwplayer 免受跨域文件注入,没有内置选项,crossdomain.xml 不会帮助您。
您可以尝试使用.htaccess中的服务器规则来拒绝远程内容注入
http://www.masterdef.net/blog/ jwplayer-crossdomain-remote-video-injection/#more-32
To protect your Jwplayer from cross domain file injection there is not built-in options, crossdomain.xml would not help you.
You can try to deny remote content injection with server rules in .htaccess
http://www.masterdef.net/blog/jwplayer-crossdomain-remote-video-injection/#more-32