当 .swf 和 http 目标都在本地主机上时，为什么 Flash 需要 crossdomain.xml 文件? [英] Why is Flash demanding a crossdomain.xml file when the .swf and http target are both on localhost?

问题描述

我有一个小型客户端/服务器测试应用程序，其中我有一个 Flex 应用程序，可以向服务器应用程序发出 HTTP 请求.服务器应用程序是在我的本地机器上运行的脚本，侦听端口 8001.客户端是我在本地运行的 swf，并使用 mx.rpc.http.HTTPService 发出页面请求.

I've got a small client/server test application where I have a Flex app that makes an HTTP request of a server app. The server app is a script running on my local machine, listening on port 8001. The client is a swf that I am running locally, and uses mx.rpc.http.HTTPService to make the page request.

HTTPService 设置如下:

The HTTPService is being set up as per below:

_HttpService = new HTTPService();
_HttpService.url = "http://localhost:8001";
_HttpService.contentType = "text/xml";

当我发出基本页面请求时，我的服务器应用程序首先收到一个 "GET/crossdomain.xml HTTP/1.1" 请求，该请求失败了，因为我没有 crossdomain.xml文件到位.我没有一个的原因是因为这一切都发生在我的本地机器上(目前)，我不应该需要一个(我不认为).

When I make a basic page request, my server app is first receiving a "GET /crossdomain.xml HTTP/1.1" request, which is failing since I don't have a crossdomain.xml file in place. The reason I don't have one in place is because this is all happening on my local machine (for now) and I shouldn't need one (I don't think).

当我使用 Flex 3.x 时，我之前确实在没有 crossdomain.xml 的情况下使用过这段代码.我以为我也可以在 Flex 4 中使用它.现在我使用 Flex 4.5.是否存在问题，可能是由于安全政策的变化?

I definitely had this code working before without a crossdomain.xml when I was using Flex 3.x. I thought I had it working with Flex 4 as well. Now I'm using Flex 4.5. Is there an issue here, possibly due to security policy changes?

所有这些都发生在本地主机上，为什么 Flash 播放器请求 crossdomain.xml 文件?

如果有帮助，我的 AsyncResponder 返回的具体故障是:

In case it helps, the specific fault my AsyncResponder is getting back is:

[FaultEvent fault=[RPC Fault faultString="Security error accessing url" faultCode="Channel.Security.Error" faultDetail="Destination: DefaultHTTP"] messageId="F43DCBFF-E99A-99CC-57D8-535C13C7CD48" type="fault" bubbles=false cancelable=true eventPhase=2]

推荐答案

可能是虽然你的客户端页面和服务器的主机和协议相同，但是不同的端口导致 Flash 无法通过同源测试和请求crossdomain.xml 以查看它可以做什么.我假设托管您的 Flash 内容的页面在端口 80 上运行?如果是这种情况，请查看维基百科关于同源政策的文章 (http://en.wikipedia.org/wiki/Same_origin_policy) 了解详情.

It may be that although you have the same host and protocol between the client page and server, the different port causes Flash to fail the same-origin test and request the crossdomain.xml to see what it's allowed to do. I'm assuming the page hosting your Flash content is running on port 80? If that's the case, check out Wikipedia's article on the same origin policy (http://en.wikipedia.org/wiki/Same_origin_policy) for the details.

crossdomain.xml 对于本地测试来说似乎不太麻烦，并且在 help.adobe.com 上有很好的记录.您可以像这样在网站的根目录中创建一个 crossdomain.xml，这将允许所有访问:

The crossdomain.xml doesn't seem to be too cumbersome for local testing and is pretty well documented on help.adobe.com. You can create a crossdomain.xml in the root of your website like this, which will allow all access:

<?xml version="1.0"?> 
<!-- http://localhost/site/crossdomain.xml --> 
<cross-domain-policy> 
    <site-control permitted-cross-domain-policies="all"/> 
    <allow-access-from domain="*" to-ports="*"/> 
</cross-domain-policy>

除了本地开发之外，我不会将上述内容用于任何其他用途，因为您基本上允许任何域请求内容.

I wouldn't use the above for anything other than local development as you're basically allowing any domain to request content.

希望这会有所帮助！

这篇关于当 .swf 和 http 目标都在本地主机上时，为什么 Flash 需要 crossdomain.xml 文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！