安全沙箱冲突：缺乏政策文件权限 [英] Security Sandbox Violation: Lack of Policy File Permissions

问题描述

我用as3httpclientlib将数据发布到我的web服务，但我不断 得到以下安全违规。有谁知道如何解决呢？ 我的crossdomain.xml文件低于安全违规通知。

注意：我使用Apache的代理请求到Web服务，因此目标URL /端口和URL /端口服务的小应用程序都是一样的 - 即 http://192.168.100.101 。此外，crossdomain.xml文件位于网站的根的应用的供应小程序，而网站的服务的;然而，由于请求代理的URL文件 http://192.168.100.101/crossdomain.xml

  

*安全沙箱冲突* 连接到192.168.100.101:80   暂停 - 从不允许    http://192.168.100.101/com-web/flex/ComUi.swf 错误：请求资源的   的XMLSocket：//192.168.100.101：80由   从请求者    http://192.168.100.101/com-web/flex/ComUi.swf   由于缺乏政策文件中否认   权限。

 ＆LT; XML版本=1.0编码=UTF-8＆GT？;
＆LT;！DOCTYPE跨域，政策体系
http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
＆lt;交域政策＆GT;
＆LT;允许-HTTP请求报头，从域=*标题=*安全=FALSE/＆GT;
＆LT;允许存取来自域=*到端口=80，8080/＆GT;
＆LT; /跨域策略＆GT;
 

感谢。

解决方案

你试图将其使用Wireshark调试，看看是否应用程序发送请求的端口843，如果服务器发回通过插座上的反应如何？这是不是在您的文章完全清楚，如果你已经在使用一台服务器的应用程序，服务策略文件，如果没有，你应该，无论是方式，以下链接应该有所帮助。

如果您需要了解如何工作的详细信息，你可以看看这个

I'm using as3httpclientlib to post data to my web service, but I'm continually getting the following security violation. Does anyone know how to resolve this? My crossdomain.xml file is below the security violation notice.

NOTE: I'm using apache to proxy requests to the web service, therefore the target url/port and the url/port serving the applet are the same -- i.e. http://192.168.100.101. Also, the crossdomain.xml file is located in the root of the web app which serves the applet rather the web service; however, since the requests are proxied the url for the file is http://192.168.100.101/crossdomain.xml

* Security Sandbox Violation * Connection to 192.168.100.101:80 halted - not permitted from http://192.168.100.101/com-web/flex/ComUi.swf Error: Request for resource at xmlsocket://192.168.100.101:80 by requestor from http://192.168.100.101/com-web/flex/ComUi.swf is denied due to lack of policy file permissions.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
<allow-access-from domain="*" to-ports="80, 8080" />
</cross-domain-policy>

Thanks.

解决方案

Did you tried to debug it with WireShark, see if the app sends the request on port 843 and if the server sends back the response via socket? It was not totally clear in your post if you already use a server app to serve the policy file, if not, you should, either the way, the link below should help.

If you need more info about how things work, you can check out this

这篇关于安全沙箱冲突：缺乏政策文件权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！