闪存AS3 - domain.com/crossdomain.xml和安全性错误 [英] Flash AS3 - domain.com/crossdomain.xml and security error

问题描述

在code我用这个之前的URLLoader（SWF将与许多不同的领域使用，这将改变时间）：

In code I use this before URLLoader (swf will be used with many different domains and this will be changing in time):

Security.allowDomain("*");

在 http://domain.com/crossdomain.xml 的，我有这样的测试：

In http://domain.com/crossdomain.xml, I have this for test:

<?xml version="1.0" ?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="*"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

我想访问 http://domain.com/files/filename.bin ，仍然可以得到安全错误。

I am trying to access http://domain.com/files/filename.bin and still get security error.

好吧，我用crossdomainmaker.com创建访问（测试）的任何领域，并直接复制成文件服务器，并检测是否domain.com/crossdomain.xml访问。我检查的flashlog.txt，发现domain.com/crossdomain.xml被加载，而是因为它的语法错误，将被忽略 - 它由crossdomainmaker网站生成，也是正确的规格和实例通过互联网，所以我该怎么办

Ok, I used crossdomainmaker.com to create access for any domain (for test) and copied it directly into file server and also test if domain.com/crossdomain.xml is accessible. I checked flashlog.txt and found that domain.com/crossdomain.xml is loaded but will be ignored because of its syntax error - its generated by crossdomainmaker website and also correct with specifications and examples over internet, so what can I do?

推荐答案

跨域策略失误总是在一个痛苦的屁股。您可以发布确切的错误，当你得到它。此外，打开政策日志：的http://help.adobe.com/en_US/flex/using/WS2db454920e96a9e51e63e3d11c0bf69084-7ec4.html

Cross-domain policy errors are always a pain in the ass. Can you post the exact error and when you're getting it. Also, turn on policy logging: http://help.adobe.com/en_US/flex/using/WS2db454920e96a9e51e63e3d11c0bf69084-7ec4.html

通过这一点，你可以看到，如果正在加载该文件，如果它被superseeded由另一人，大约它为什么被拒绝。

With that, you can see if the file is being loaded, if it's being superseeded by another one, or roughly why it's being rejected.

在此期间，一些链接，可能是有用的。

In the meantime, some links that might be useful.

跨域策略规格： http://www.adobe.com/devnet/文章/ crossdomain_policy_file_spec.html （解释到底发生了什么在幕后）

Cross-domain policy spec: http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html (explains exactly what's going on behind the scenes)

跨域制造商： http://www.crossdomainmaker.com/ （宽松的政策文件语法）

Cross-domain maker: http://www.crossdomainmaker.com/ (easy policy file syntax)

在与跨域处理一些安全提示：<一href="http://www.adobe.com/devnet/flashplayer/articles/secure_swf_apps.html#articlecontentAdobe_numberedheader_3" rel="nofollow">http://www.adobe.com/devnet/flashplayer/articles/secure_swf_apps.html#articlecontentAdobe_numberedheader_3

Some security tips when dealing with cross-domain: http://www.adobe.com/devnet/flashplayer/articles/secure_swf_apps.html#articlecontentAdobe_numberedheader_3

顺便说一句，设置的*的策略是一个巨大的安全漏洞。

Btw, setting a policy of "*" is a huge security hole.

这篇关于闪存AS3 - domain.com/crossdomain.xml和安全性错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！