AS3跨域错误
我有一个 SWF 文件,假设位于 myserver1.com/my.swf
上,并且我有一个跨域文件,
<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*.imageDomain1.com" />
<allow-access-from domain="*.AnotherimageDomain1.com" />
<allow-access-from domain="*.imageDomain2.com" />
</cross-domain-policy>
ActionScript 代码是。
Security.loadPolicyFile("http://myserver1.com/crossdomain.xml");
var context:LoaderContext = new LoaderContext();
context.checkPolicyFile = true;
// The following is working (SESSION 1)
var request:URLRequest = new URLRequest('http://img.imageDomain1.com/firstImage.jpg');
var loader:Loader = new Loader();
loader.load(request, context);
// The following is not working (SESSION 2)
var request1:URLRequest = new URLRequest('http://img.AnotherimageDomain1.com/firstImage.jpg');
var loader1:Loader = new Loader();
loader1.load(request1, context);
我不知道发生了什么事。当我使用 Firebug 时,swf 正在寻找它所在的 http://img.imageDomain1.com/crossdomain.xml
。但是 http://img.AnotherimageDomain1.com/crossdomain.xml
不在那里(我不能在那里放置任何 corssdomain 文件,因为我没有任何访问权限)。
问题是在完成事件中,来自(会话 1)的图像正在调整大小,而来自(会话 2)的图像未调整大小。
请帮我!!!
I have a SWF file which is on suppose myserver1.com/my.swf
and I have an cross domain file
<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*.imageDomain1.com" />
<allow-access-from domain="*.AnotherimageDomain1.com" />
<allow-access-from domain="*.imageDomain2.com" />
</cross-domain-policy>
The ActionScript Code is.
Security.loadPolicyFile("http://myserver1.com/crossdomain.xml");
var context:LoaderContext = new LoaderContext();
context.checkPolicyFile = true;
// The following is working (SESSION 1)
var request:URLRequest = new URLRequest('http://img.imageDomain1.com/firstImage.jpg');
var loader:Loader = new Loader();
loader.load(request, context);
// The following is not working (SESSION 2)
var request1:URLRequest = new URLRequest('http://img.AnotherimageDomain1.com/firstImage.jpg');
var loader1:Loader = new Loader();
loader1.load(request1, context);
I dont know that happend. When I user Firebug, the swf is looking for http://img.imageDomain1.com/crossdomain.xml
it is present there. But http://img.AnotherimageDomain1.com/crossdomain.xml
is not there(I can't put any corssdomain file there, because I dont have any access).
The issue is image from (SESSION 1) is resizing and image from (SESSION 2) is not resizing on the COMPLETE Event.
Please help me!!!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果您无权访问 http://img.AnotherimageDomain1.com/,那么您将永远无法访问在那里放置一个 crossdomain.xml。
因此,可以预期您当前的解决方案将无法应对沙箱问题。
解决方案是您需要创建一个 代理。
代理应在 http://img.imageDomain1.com/ 的公共根目录中可用,即您有权访问的域。
由于代理将与您的应用程序在同一域中运行,因此它将充当中间人,为您的应用程序提供来自其自己域之外的数据,从而有效地绕过沙箱。
但请记住,您应该对代理进行限制,否则您的网站可能容易受到 XSS 攻击。
干杯
If you do not have access to http://img.AnotherimageDomain1.com/, then you will never be able to put a crossdomain.xml there.
It is thus to be expected that your current solution will not be able to cope with the sandbox problem.
The solution is that you will need to create a proxy.
The proxy should be made available at the public root of http://img.imageDomain1.com/, being the domain you DO have access to.
Since the proxy will run in the same domain as your application, it will act as a go-between to provide your application with data from outside it's own domain, thus effectively circumventing the sandbox.
Keep in mind though that you should made your proxy restrictive or your site might become vulnerable to XSS attacks.
Cheers