SecurityException 1000,即使使用相同的域

发布于 2024-11-01 10:57:47 字数 1520 浏览 2 评论 0原文

我面临着一个棘手的 Javascript/Firefox 问题。 下面列出了相关代码。

基本上发生的情况如下:
1. document.ready 触发并发起 AJAX 请求(到 document.domain:8484/getTrack.php 或其他)
2. 收到 AJAX 响应。此响应包含图像位置的 url(同一域)。所以,设置了sourceImage.onload,然后设置了sourceImage.src
3. sourceImage.onload 触发。现在的想法是在内存中保存调整大小的图像,使其完全适合要在其上绘制的画布。我想将这个调整大小的图像保留在内存中,因为我将多次将其(部分)写入画布,并且每次调整大小都会慢很多。

    var SourceImage = new Image();
    var preparedImageData;

    sourceImage.onload = function() { 
        var canvas = document.createElement('canvas');
        canvas.width = 100; canvas.height = 100;
        var ctx = canvas.getContext("2d");        
        // resize image
        ctx.drawImage(sourceImage, 0, 0, sourceImage.width, sourceImage.height, 0, 0, canvas.width, canvas.height);    
        // save as imagedata
        try {
            try { 
                preparedImageData = ctx.getImageData(0, 0, canvas.width, canvas.height);
            } 
            catch (e) { 
                netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
                preparedImageData = ctx.getImageData(0, 0, canvas.width, canvas.height);
            }                          
        }
        catch (e) {
            throw new Error("unable to access image data: " + e)
        }
    }

第一个 getImageData 调用会抛出异常,enablePrivilege 调用也会立即抛出异常。错误文本为“来自“http://127.0.0.1”的脚本被拒绝 UniversalBrowserRead 权限。”。我已经检查过,看来这些消息应该只在尝试从另一个域访问图像上的 getImageData 时出现,但事实并非如此(对吗?)。没有严格的安全策略(一切都是默认的),Firefox 4.0。相同的代码在 Chrome 上运行良好。

I'm facing a troublesome Javascript/Firefox problem.
Relevant code is listed below.

What happens basically is the following:
1. document.ready fires and initiates an AJAX request (to document.domain:8484/getTrack.php or whatever)
2. AJAX response is received. This response contains the url (same domain) of the location of the image. So, sourceImage.onload is set, then sourceImage.src is set
3. sourceImage.onload fires. The idea is now to keep a resized image in memory that perfectly fits the canvas it's going to be drawn on. I want to keep this resized image in memory because I'm going to write (parts of) it to my canvas a lot of times, and resizing every time should be a lot slower.


    var SourceImage = new Image();
    var preparedImageData;

    sourceImage.onload = function() { 
        var canvas = document.createElement('canvas');
        canvas.width = 100; canvas.height = 100;
        var ctx = canvas.getContext("2d");        
        // resize image
        ctx.drawImage(sourceImage, 0, 0, sourceImage.width, sourceImage.height, 0, 0, canvas.width, canvas.height);    
        // save as imagedata
        try {
            try { 
                preparedImageData = ctx.getImageData(0, 0, canvas.width, canvas.height);
            } 
            catch (e) { 
                netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
                preparedImageData = ctx.getImageData(0, 0, canvas.width, canvas.height);
            }                          
        }
        catch (e) {
            throw new Error("unable to access image data: " + e)
        }
    }

The first getImageData call throws and the enablePrivilege call also throws inmediately. The errror text is "A script from "http://127.0.0.1" was denied UniversalBrowserRead privileges.". I've checked and it appears these messages should only appear when trying to access getImageData on an image from another domain, which isn't the case though (right?). have no strict security policy in place (everything default), Firefox 4.0. Same code works fine on Chrome.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

从此见与不见 2024-11-08 10:57:47

通过“同源”参考同源政策,协议、主机名和端口需要相同。我猜你在这里使用不同的端口?

我认为发生的情况是,您对 netscape.security.PrivilegeManager.enablePrivilege 的调用由于脚本不是 signed - 您是否尝试删除此代码?

By 'same origin' ref the Same Origin Policy, the protocol, hostname AND port needs to be identical. I'm guessing you are using different ports here?

What I think happens is that your call to netscape.security.PrivilegeManager.enablePrivilege fails due to the script not being signed - have you tried removing this code?

烟若柳尘 2024-11-08 10:57:47

一旦我设置了 document.domain = document.domaincontext.getImageDataPrivilegeManager.enablePrivilege 调用就会失败,这是为了与iframe 托管在不同的子域上。作为解决方法,我将 domain.tld/subdomain/ 代理到 subdomain.domain.tld/ 并获得了所需的结果。

The context.getImageData and the PrivilegeManager.enablePrivilege calls fail as soon as I set document.domain = document.domain which is done for cooperation with iframes hosted on a different subdomain. As a workaround I proxied domain.tld/subdomain/ to subdomain.domain.tld/ and obtained the desired result.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文