Internet Explorer、Flash POST 变量和 IFRAMES
我有一位客户遇到了一些奇怪的问题,该问题是嵌入在 iframe 中的 flash 对象发生的,该对象调用了 PHP 脚本并传递了 POST 变量。
我想我终于大致弄清楚了发生了什么,但希望能澄清我的预感是否正确。
该设置有点复杂,所以请耐心等待...
她的网站使用其中一种网站构建器设置,因此它的功能有点有限。她想要包含我的 Flash 应用程序,但不能,因此作为一种解决方法,她将 Flash 应用程序放在另一个域中,然后将其嵌入到 iframe 中。
Flash 应用程序的部分功能是打开一个单独的窗口,然后调用 PHP 脚本,将 POST 变量传递给它。
在 Chrome、Safari 和 Firefox 上它可以工作。在 IE 上,就好像没有发布 POST 变量。
使用 HTTP 嗅探器,我能够确认变量确实已发送,但结果清楚地表明 PHP 脚本没有看到它们。
这真的让我抓狂,直到我想起这里有两个不同的域。
还记得她如何将一个域的内容嵌入到另一域的 iframe 中吗?
所以我认为这是一个跨域安全问题导致 POST 数据在服务器端被阻止。
但为什么它在其他浏览器中也能工作呢?
这是我的理论......
在 Chrome、Firefox 和 Safari 中,浏览器将数据发送到脚本,其中 IFrame 内的页面作为发起者。因此,发起者和目标脚本位于同一域中。
在IE中,浏览器将数据发送到以CONTAINER页面为发起者的脚本。在这种情况下,发起者和目标脚本位于不同的域,并且服务器会阻止数据。
那么,你觉得怎么样?这听起来像是一个有效的解释吗?这是 IE 的已知功能吗?在这种情况下,符合标准的浏览器应该做什么?
更新:
事实证明,问题不仅仅在于跨域。即使 iframe 内容来自同一网站,这种情况仍然会发生。但仅在 IE 中。很奇怪吧?
I've had a customer who was getting some weird issues happening with a flash object embedded in an iframe, which called a PHP script and passed POST variables.
I think I've finally figured out roughly what is going on, but would appreciate clarification as to whether or not my hunch is right.
The setup is kind of complicated so please bear with me...
Her web site uses one of those site-builder setups, so it's a bit limited in what it can do. She wanted to include my Flash application, but couldn't, so as a workaround she put the Flash app on another domain, and then embedded it with an iframe.
Part of what the Flash app does is to open a separate window, and then call a PHP script, passing POST variables to it.
On Chrome, Safari, and Firefox it works. On IE, it's as if no POST variables were posted.
With an HTTP sniffer I was able to confirm that the variables were indeed sent, but the result clearly shows that the PHP script does not see them.
This was really driving me nuts, until I remembered that there are two DIFFERENT domains here.
Remember how she had to embed the content from one domain in an iframe in a different domain?
So I'm thinking it's a cross-domain security issue that is causing the POST data to be blocked server-side.
But then why does it work in other browsers?
Here's my theory...
In Chrome, Firefox, and Safari, the browser sends the data to the script with the page INSIDE the IFrame as the originator. Therefore the originator and the destination script are on the SAME domain.
In IE, the browser sends the data to the script with the CONTAINER page as the originator. In this case the originator and the destination script are on DIFFERENT domains, and the server blocks the data.
So, what do you think? Does that sound like a valid explanation? Is this a known feature of IE? What should a standards-compliant browser do in this situation?
UPDATE:
It turns out that the problem is NOT just for cross-domain. Even with the iframe content coming from the SAME site it still happens. Only in IE though. Weird right?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我过去曾解决过 Flash 跨域问题,但没有遇到过这种特殊情况。我不认为她的网站构建器会允许将跨域策略文件部署到她网站的根目录?
如果是这样,您可以尝试将 crossdomain.xml:
...部署到她网站的根目录,看看是否可以解决问题。我假设 Flash 文件和 PHP 脚本都在同一个域中?
I've worked around Flash cross-domain issues in the past but haven't run into this particular scenario. I don't suppose her site builder would allow deploying a cross-domain policy file to the root of her site?
If so you could try deploying a crossdomain.xml:
...to the root of her site and see if that resolves the issue. I'm assuming the Flash file and PHP script are both on the same domain?