为 Amazon S3 编写 Flash crossdomain.xml [英] Writing Flash crossdomain.xml for Amazon S3
问题描述
我有两台服务器.服务器 A 是一个内部服务器,可以从我办公室设置的外部世界访问.它有一个运行在它上面的 Rails 服务器.我有第二个服务器,服务器 B,它包含我们所有的静态内容(图像、swfs、javascript、css 等),它是一个 Amazon S3 服务器.我已将所有这些文件公开访问.
I have two servers. Server A is an internal server that has access from the outside world set up here in my office. It has a Rails server running on it. I have a second server, Server B, that contains all our static content (images, swfs, javascript, css, etc.), it is an Amazon S3 server. I have given all these files public access.
我正在尝试将来自服务器 B 的 swf 放在服务器 A 提供服务的页面上.然后,该 swf 需要以显示的其他资产从服务器 B 动态加载.然而,不幸的是,沿着它失败的方式和要求动态加载的文件永远不会到达.
What I am attempting is to put a swf from Server B on a page served by Server A. Then, the other assets that the swf requires in order to display get dynamically loaded from Server B. Unfortunately, however, somewhere along the way it's failing and the files that are requested to be dynamically loaded just never arrive.
基于我的浏览器控制台中的错误,swf 期望服务器 A 上有一个 crossdomain.xml 文件.基于 this,它还需要一个在我的 S3 服务器上.因此,在这种情况下,我创建了两个 crossdomain.xml 文件,每个服务器一个.
Based on errors in my browser console the swf is expecting a crossdomain.xml file to be on Server A. Based on this, it also needs one to be on my S3 server. So, that being the case I have created two crossdomain.xml files, one for each server.
这是服务器 A 的 crossdomain.xml 文件:
This is Server A's crossdomain.xml file:
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="s3-bucket-name.s3.amazonaws.com" />
</cross-domain-policy>
这是服务器 B 的 crossdomain.xml 文件:
This is Server B's crossdomain.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*.server-a.com"/>
<allow-http-request-headers-from domain="*.server-a.com" headers="SOAPAction"/>
</cross-domain-policy>
此外,我在我的 swf 中显式加载服务器 B 的 crossdomain.xml 文件:
Additionally, I am explicitly loading Server B's crossdomain.xml file in my swf:
Security.loadPolicyFile("https://s3-bucket-name.s3.amazonaws.com/crossdomain.xml");
然而,无论我做什么,它都不起作用.我不知道还有什么要尝试的.我已经尝试在 SO 上查看许多解决方案,但没有任何帮助我解决我的问题.当然,其他人在这方面的经验比我多,可以给我一些指导,此时我几乎没有想法.
No matter what I do, however, it just does not work. I'm not sure what else to try. I've tried looking through a number of the solutions here on SO but nothing has helped me resolve my problem yet. Surely someone else has had more experience in this than I have and can give me some guidance, I'm pretty much out of ideas at this point.
更新用更多信息更新我的问题.
Update Updating my question with some more info.
我尝试将两个策略文件都设置为 * 并且它开始工作直到它命中:
I tried setting both policy files to * and it started working until it hit:
SecurityError: Error #2121: Security sandbox violation: Loader.content: s3.amazonaws.com/bucket_name/swfs/foo.swf cannot access s3.amazonaws.com/bucket_name/data/swfs/bar.swf. This may be worked around by calling Security.allowDomain.
此外,我运行了 Charles,它从我的本地服务器中提取了 crossdomain.xml,但我在 s3 中没有看到它.
Additionally, I ran Charles and it is pulling the crossdomain.xml from both my local server but I don't see it for s3.
更新 2我尝试将其添加到加载器中:
Update 2 I tried adding this to the loader:
var context:LoaderContext = new LoaderContext();
context.securityDomain = SecurityDomain.currentDomain;
context.applicationDomain = ApplicationDomain.currentDomain;
Loader.load(new URLRequest(_dataFile), context);
这导致文件实际下载!不幸的是,现在它崩溃了:
This resulted in the files actually downloading! Unfortunately now it crashes out with this:
SecurityError: Error #2119: Security sandbox violation: caller s3.amazonaws.com/bucket_name/swfs/MainSwf.swf cannot access LoaderInfo.applicationDomain owned by s3.amazonaws.com/bucket_name/data/swfs/foo/SecondSwf.swf
我试过包含/不包含 context.applicationDomain = ApplicationDomain.currentDomain; 行,但这并没有解决问题.
I've tried including/not including the context.applicationDomain = ApplicationDomain.currentDomain; line but that hasn't resolved the issue.
实际发生崩溃的地方是在加载文件之后我们获取 applicationDomain 的稍后时间:loader_.contentLoaderInfo.applicationDomain.getDefinition( def.a)
Where the crash is actually occurring is at a later time after the file is loaded where we are getting the applicationDomain: loader_.contentLoaderInfo.applicationDomain.getDefinition( def.a )
推荐答案
看起来你在不同的域上有 a.swf 和 b.swf,并且 a.swf 试图访问 b.swf 的内容(通过 Loader.content),毫无疑问它因安全错误而失败.
It looks like you have a.swf and b.swf on different domains, and a.swf is trying to access the content of b.swf (via Loader.content), and no doubt it's failing with a security error.
您有两个选择:
将 b.swf 加载到与 a.swf 相同的安全域中(即当前"安全域).您可以通过将新的
LoaderContext传递给Loader.load()并设置loaderContext.securityDomain = SecurityDomain.currentDomain在 a.swf 的代码中执行此操作>
Load b.swf in the same security domain as a.swf (i.e. the "current" security domain). You can do this in a.swf's code by passing a new
LoaderContexttoLoader.load()and setting theloaderContext.securityDomain = SecurityDomain.currentDomain
通过以a.swf的域名为参数调用b.swf代码中的Security.allowDomain(),明确允许a.swf访问b.swf
Explicity allow a.swf to access b.swf by calling Security.allowDomain() in b.swf's code with a.swf's domain name as the parameter
您选择哪一个取决于其他考虑因素.对于第一个,b.swf 在跨域安全(即访问文件等)方面可以做 a.swf 可以做的(所有事情!);对于第二个,a.swf 域中的任何 SWF 文件都可以访问 b.swf 的内容.这真的取决于你想如何建立信任.
Which one you choose depends on other considerations. With the first one, b.swf is able to do what a.swf can do (everything!) in terms of cross-domain security (i.e. access files, etc.); with the second one, any SWF file on a.swf's domain is able to access b.swf's content. It really depends how you want to set up the trust.
这篇关于为 Amazon S3 编写 Flash crossdomain.xml的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
