SecurityException 1000, even when using the same domain
I'm facing a troublesome JavaScript/Firefox problem.
Relevant code is listed below.
What happens basically is the following:
1. document.ready fires and initiates an AJAX request (to document.domain:8484/getTrack.php or whatever)
2. AJAX response is received. This response contains the URL (same domain) of the location of the image. So, sourceImage.onload is set, then sourceImage.src is set
3. sourceImage.onload fires. The idea is now to keep a resized image in memory that perfectly fits the canvas it's going to be drawn on. I want to keep this resized image in memory because I'm going to write (parts of) it to my canvas a lot of times, and resizing every time should be a lot slower.

    var sourceImage = new Image();
    var preparedImageData;

    sourceImage.onload = function() {
        // off-screen canvas that holds the resized copy
        var canvas = document.createElement('canvas');
        canvas.width = 100;
        canvas.height = 100;
        var ctx = canvas.getContext("2d");

        // resize image
        ctx.drawImage(sourceImage, 0, 0, sourceImage.width, sourceImage.height,
                      0, 0, canvas.width, canvas.height);

        // save as imagedata
        try {
            try {
                preparedImageData = ctx.getImageData(0, 0, canvas.width, canvas.height);
            } catch (e) {
                // fallback: request the Firefox privilege and retry
                netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
                preparedImageData = ctx.getImageData(0, 0, canvas.width, canvas.height);
            }
        } catch (e) {
            throw new Error("unable to access image data: " + e);
        }
    };

The first getImageData call throws and the enablePrivilege call also throws immediately. The error text is "A script from "http://127.0.0.1" was denied UniversalBrowserRead privileges.". I've checked and it appears these messages should only appear when trying to access getImageData on an image from another domain, which isn't the case though (right?). I have no strict security policy in place (everything default), Firefox 4.0. Same code works fine on Chrome.
Comments (2)
By 'same origin' ref the Same Origin Policy, the protocol, hostname AND port need to be identical. I'm guessing you are using different ports here?
What I think happens is that your call to netscape.security.PrivilegeManager.enablePrivilege fails due to the script not being signed - have you tried removing this code?

The context.getImageData and the PrivilegeManager.enablePrivilege calls fail as soon as I set document.domain = document.domain, which is done for cooperation with iframes hosted on a different subdomain. As a workaround I proxied domain.tld/subdomain/ to subdomain.domain.tld/ and obtained the desired result.
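
Both comments above turn on which parts of a URL make up an origin: the first points at the port, the second at the subdomain. As an added example (not code from the question or from either comment), the following compares the scheme, host and port of a page URL and an image URL and reports which component differs. The function names and all sample URLs are constructed for illustration; images approved through CORS and data: URLs are outside its scope.

```javascript
// Added example: diff the origin tuple (scheme, host, port) of a page and a resource.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the origin tuple of an absolute URL, or of a URL relative to `base`.
function originTuple(url, base) {
  const u = new URL(url, base);
  return {
    scheme: u.protocol,
    host: u.hostname,
    // URL.port is "" when the scheme's default port is in use.
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// List the tuple components that differ; an empty list means same origin.
function originMismatch(pageUrl, resourceUrl) {
  const page = originTuple(pageUrl);
  const res = originTuple(resourceUrl, pageUrl);
  return ["scheme", "host", "port"].filter((k) => page[k] !== res[k]);
}

// True when the image is same-origin with the page, so drawing it
// does not taint the canvas and getImageData stays usable.
function canvasStaysReadable(pageUrl, imageUrl) {
  return originMismatch(pageUrl, imageUrl).length === 0;
}

// Constructed sample inputs: [page URL, image URL].
const samples = [
  ["http://127.0.0.1/index.html", "/img/track.png"],
  ["http://127.0.0.1/index.html", "http://127.0.0.1:8484/img/track.png"],
  ["http://127.0.0.1/index.html", "http://localhost/img/track.png"],
  ["http://domain.tld/page.html", "http://subdomain.domain.tld/img/track.png"],
];

for (const [page, img] of samples) {
  const diff = originMismatch(page, img);
  console.log(img, "->", diff.length ? "differs in " + diff.join(", ") : "same origin");
}
```

Running a check like this on the image URL returned by the AJAX call, before assigning it to sourceImage.src, shows whether the later getImageData call can succeed.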