当前位置: 文江博客话题详情

AS3:编写跨域加载的 swf 脚本

发布于 2024-12-05 18:24:58 字数 1818 浏览 0 评论 0原文

我有一些奇怪的域间加载行为。我需要让加载的 swf 跨域访问已加载的 swf 的类和方法,但尽管我有所有的 applicationDomain 设置和跨域设置,我无法将其转换为跨域的可用类型,但它的工作原理完全一样领域。

场景:

域 A 上的应用程序从域 B 加载皮肤(实际上是大型域结构的所有部分(test.domain.co.uk、assets.domain.co.uk 等),但是出于 Flash 的目的,它们是不同的)。目前,一些文件位于测试环境中,并且在上线之前将经过多个环境,因此我使所有安全调用保持相对宽松。到处都有 crossdomain.xml 文件。

加载代码:

_skinLoader = new Loader();
addChild(_skinLoader);
var context:LoaderContext = new LoaderContext();
context.applicationDomain = new ApplicationDomain(ApplicationDomain.currentDomain);
_skinLoader.contentLoaderInfo.addEventListener(IOErrorEvent.IO_ERROR, skinError, false, 0, true);
_skinLoader.contentLoaderInfo.addEventListener(Event.COMPLETE, skinLoaded);
var skinurl:String = "http://www.domainB/skins/skin.swf";
var request : URLRequest = new URLRequest(skinurl);
_skinLoader.load(request, context);

COMPLETE 事件代码:

onSkinLoaded(e:Event):void{
   addChild(_skinLoader);
   _skin = e.currentTarget.content as ISkin;

   trace("SHELL: Skin loaded:"+_skin); //======== traces out null when x-domain but traces out[object SkinObject] on the same domain or in the IDE
   trace("SHELL: Skin target:"+e.currentTarget.content); //===== traces out [object SkinObject] on both
   ...............

}

因此,当皮肤与 shell 应用程序位于同一域时它可以工作,但当它们分开时则不行。正如您从上面的代码中可以看出的,皮肤实现了 ISkin 并扩展和抽象类 ASkin;为了处理安全性,我将以下内容作为外观类(这是 fla 的基类)的构造函数。

public function SkinObject(){
     Security.allowDomain(this.root.loaderInfo.loaderURL);
     super();
}

其他信息:

  • 皮肤构造函数类中的跟踪火灾
  • 当皮肤位于同一域时,如果我测试(e.currentTarget.content is ISkin),当打开时,我得到true单独的域,我得到 false
  • 没有安全事件。
  • 我也尝试将加载器上下文设置为新的 ApplicationDomain ,但
原文

I'm having some strange inter-domain loading behaviour. I need to give my loading swf access to my loaded swf's classes and methods across domains, but despite all my applicationDomain settings and cross domain settings, I'm not being able to cast it to a usable type across domains, but it works perfectly same domain.

The scenario:

Application on domain A loads a skin from domain B (actually all part of a massive domain structure (test.domain.co.uk, assets.domain.co.uk, etc), but for Flash's purposes they are different). Currently some of the files are on a testing environment and will move through several environments before it goes live, so I'm keeping all security calls relatively loose. There are crossdomain.xml files all over the place.

the loading code:

_skinLoader = new Loader();
addChild(_skinLoader);
var context:LoaderContext = new LoaderContext();
context.applicationDomain = new ApplicationDomain(ApplicationDomain.currentDomain);
_skinLoader.contentLoaderInfo.addEventListener(IOErrorEvent.IO_ERROR, skinError, false, 0, true);
_skinLoader.contentLoaderInfo.addEventListener(Event.COMPLETE, skinLoaded);
var skinurl:String = "http://www.domainB/skins/skin.swf";
var request : URLRequest = new URLRequest(skinurl);
_skinLoader.load(request, context);

the COMPLETE event code:

onSkinLoaded(e:Event):void{
   addChild(_skinLoader);
   _skin = e.currentTarget.content as ISkin;

   trace("SHELL: Skin loaded:"+_skin); //======== traces out null when x-domain but traces out[object SkinObject] on the same domain or in the IDE
   trace("SHELL: Skin target:"+e.currentTarget.content); //===== traces out [object SkinObject] on both
   ...............

}

So it works when the skin is on the same domain as the shell application, but not when they are separate. As you may tell from the code above the skin implements ISkin and extends and abstract class ASkin; to deal with security I have the following as the constructor of the skin class (which is the base class of the fla).

public function SkinObject(){
     Security.allowDomain(this.root.loaderInfo.loaderURL);
     super();
}

Other info:

  • Traces in the skin constructor class fire
  • When the skin is on the same domain if I test (e.currentTarget.content is ISkin) I get true, when on separate domains, I get false
  • There are no security events
  • I have tried setting the loader context to new ApplicationDomain as well.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

掩饰不了的爱 2024-12-12 18:24:58

好的。我在精彩的 senogenic 页面之一上找到了答案: http:// /www.senoptic.com/flash/tutorials/contentdomains/?page=1

本质上,可以通过合并两个 swf 的安全域并将 applicationDomain 设置为 相同的。下面是上面页面的引用(示例网址中有一个 / 以防止它们成为链接):

要将另一个 SWF 加载到您自己的安全域中,您需要使用 LoaderContext 对象的实例调用 Loader.load。该 LoaderContext 的 securityDomain 属性设置为对当前安全域的引用。这可以通过 SecurityDomain.currentDomain 访问。设置此值时,加载程序 SWF 表示对要加载的 SWF 的信任,而该 SWF 通过策略文件表示信任。

h/ttp://host.example.com/parent.swf:

trace(new LocalConnection().domain); // host.example.com

var loader:Loader = new Loader();

// create a LoaderContext that indicates that
// the loaded SWF will be loaded into this
// security domain
var context:LoaderContext = new LoaderContext(true);
context.securityDomain = SecurityDomain.currentDomain;

var url:String = "http://trusting.example.com/child.swf";
loader.load(new URLRequest(url), context);

h/ttp://trusting.example.com/crossdomain.xml:

<?xml version="1.0"?> 
<cross-domain-policy>
<allow-access-from domain="host.example.com"/>
</cross-domain-policy>

h/ttp://trusting.example.com/child.swf:

trace(new LocalConnection().domain); // host.example.com

使用 LocalConnection 实例的域属性,检查每个 SWF 的安全域。尽管子 SWF 源自 trusting.example.com 域,但它显示为位于 host.example.com 域内,因为父 SWF 将其加载到自己的安全域中。

我希望这可以帮助那些花三天时间兜圈子的人。 谢谢你!

Ok. I've discovered the answer on one of the brilliant senocular's pages: http://www.senocular.com/flash/tutorials/contentdomains/?page=1

Essentially the problem can be overcome by merging the Security Domains of the two swfs and to set the applicationDomain to the same. Below is a quote from the above page (example urls have a / in them to prevent them becoming links):

To load another SWF into the security domain of your own, you would need to call Loader.load with an instance of a LoaderContext object. The securityDomain property of that LoaderContext is set to a reference to the current security domain. This is accessible through SecurityDomain.currentDomain. In setting this value, the loader SWF expresses trust in the SWF that is to be loaded, while that SWF expresses trust through a policy file.

h/ttp://host.example.com/parent.swf:

trace(new LocalConnection().domain); // host.example.com

var loader:Loader = new Loader();

// create a LoaderContext that indicates that
// the loaded SWF will be loaded into this
// security domain
var context:LoaderContext = new LoaderContext(true);
context.securityDomain = SecurityDomain.currentDomain;

var url:String = "http://trusting.example.com/child.swf";
loader.load(new URLRequest(url), context);

h/ttp://trusting.example.com/crossdomain.xml:

<?xml version="1.0"?> 
<cross-domain-policy>
<allow-access-from domain="host.example.com"/>
</cross-domain-policy>

h/ttp://trusting.example.com/child.swf:

trace(new LocalConnection().domain); // host.example.com

Using the domain property of a LocalConnection instance, the security domain is checked for each SWF. Though the child SWF originated from the trusting.example.com domain, it's shown as being within the host.example.com domain because the parent SWF loaded it into its own security domain.

I hope that helps someone from spending 3 days going around and around in circles. Thank you senocular!

回复 原文
挽手叙旧 2024-12-12 18:24:58

这行代码不会执行您期望的操作:

Security.allowDomain(this.root.loaderInfo.loaderURL);

我非常确定您从域 B 加载到 A 的 swf 的根 URL 仍然是域 B,否则跨域策略系统甚至无法工作,因为从 X 加载的任何/所有 swf域到 A 域将自动成为域 A 的子域(使用此逻辑)。

您需要编写一个跨域策略文件并将其放置在域 A 和域 B 中,明确允许域 B 与 A 交互,以及 A 与 B 交互。下面是一个跨域策略文件的示例,它将向任何加载的人授予权限域中的 swf。

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

摘自这个问题/答案:

有人可以发布格式良好的跨域吗.xml 示例?

This line of code will not do what you expect it to:

Security.allowDomain(this.root.loaderInfo.loaderURL);

I'm pretty sure that the root URL of the swf you're loading from domain B to A will still be domain B, otherwise the crossdomain policy system wouldn't even work in the first place, because any/all swfs loaded from X domain to A domain would automatically become a child of domain A (with this logic).

You need to write a crossdomain policy file and place it in both domain A and domain B giving explicit permission for domain B to interact with A, and A with B. Here is an example of a crossdomain policy file that will grant permission to anyone loading the swfs in the domain.

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

Taken from this question/answer:

Can someone post a well formed crossdomain.xml sample?

回复 原文
一场信仰旅途 2024-12-12 18:24:58

域A swf:
从domainB加载swf时,正在从domainB加载crossdomain.xml。
如果这没有帮助,那么:

在 DomainA 上的 SWF 内添加:

System.allowDomain ( 'DomainB' );

图像/视频和其他类型的文件基本上需要 crossdomain.xml。
Swf;s 需要单独处理:

在 DomainB 上的 SWF 内添加:

System.allowDomain ( 'DomainA' );

DomainA swf:
When loading the swf from domainB is loading crossdomain.xml from domainB.
if this will not help then:

inside SWF on DomainA add:

System.allowDomain ( 'DomainB' );

crossdomain.xml basicaly needed for images / videos and other type of files.
Swf;s needs to be taked care sepparately:

inside SWF on DomainB add:

System.allowDomain ( 'DomainA' );
回复 原文
~没有更多了~

关于作者

话少心凉

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

已经忘了多久

文章 0 评论 0

15867725375

文章 0 评论 0

LonelySnow

文章 0 评论 0

走过海棠暮

文章 0 评论 0

轻许诺言

文章 0 评论 0

信馬由缰

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文