Actionscript 的 ExternalInterface.addCallback 只能在本地工作,不能在生产中使用 [英] Actionscript's ExternalInterface.addCallback only working locally, not in production
问题描述
在我的 Flex 应用程序中,我需要一个 Javascript 控件来调用我的 Actionscript 方法之一.很简单,根据 Flex/Actionscript 文档,我在我的 Actionscript 代码中写了这个:
In my Flex app, I need a Javascript control to call one of my Actionscript methods. Simple enough, according to the Flex/Actionscript documentation, I wrote this in my Actionscript code:
if (ExternalInterface.available)
ExternalInterface.addCallback("setName", setNameInActiveWindow);
在我写的 Javascript 控件中:
In the Javascript control I wrote:
document.getElementById('FlexAppId').setName(name);
效果很好.正如预期的那样,所以我去了生产.但它在生产中不起作用:(.完全相同的代码......我无法弄清楚.运行了上面的Javascript代码,但在Actionscript代码中没有执行回调.
Works great. Exactly as expected, so I went to production. But it doesn't work in production :(. Same exact code... I can't figure it out. The above Javascript code is run, but the callback is not executed in the Actionscript code.
这是否与域安全有关?在本地,我使用 local.mydomain.com:8080,其中 local.mydomain.com 解析为 127.0.0.1(我需要这样做,以便某些小部件正常工作).Flex 应用程序来自同一个本地网络服务器.然而,在生产环境中,它只是 www.mydomain.com(mydomain.com 不是真正的域名),而 Flex 应用程序来自 flash.mydomain.com(一个 CDN).
Does this have something to do with domain security? Locally, I'm using local.mydomain.com:8080 where local.mydomain.com resolves to 127.0.0.1 (I need to do this so some widgets work properly). And the Flex app comes from the same local webserver. In production, however, it's just www.mydomain.com (mydomain.com is not the real domain name) and the Flex app comes from flash.mydomain.com (a CDN).
我在 www.mydomain.com 上有一个 crossdomain.xml 文件:
I have a crossdomain.xml file at www.mydomain.com:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*.mydomain.com"/>
</cross-domain-policy>
UPDATE:我尝试更改本地环境,以便从 flash.mydomain.com 引用 Flex 应用程序,就像在生产中一样.事实证明,我在本地也遇到了同样的问题......所以尽管我上面有 crossdomain.xml 文件,但这似乎是某种域安全问题.我需要更改 crossdomain.xml 中的某些内容吗?要让 ExternalInterface.addCallback 工作,我还需要什么额外的东西吗?
UPDATE: I tried changing the local environment so that the Flex app is referenced from flash.mydomain.com, just like in production. It turns out I get the same problem locally too... so it seems this is some kind of domain security issue despite the crossdomain.xml file I have above. Do I need to change something in my crossdomain.xml? Is there something additional I need to get ExternalInterface.addCallback to work?
更新 2:开始工作了!我必须同时执行 Security.allowDomain("*") 和 Security.allowInsecureDomain("*").将它设置为 flash.mydomain.com 并没有解决问题,我不得不放一个通配符.allowNetworking 没有效果.我需要 allowScriptAccess="always",但我以前就有.使用 ExternalInterface.call 调用 Javascript 只需使用该参数即可轻松工作.但是使用 ExternalInterface.addCallback 添加回调需要上述带有通配符的安全方法.
UPDATE 2: Got it to work! I had to do both Security.allowDomain("*") and Security.allowInsecureDomain("*"). Setting it to flash.mydomain.com did NOT fix the issue, I had to put a wildcard. allowNetworking had no effect. I need allowScriptAccess="always", but I had that from before. Calling Javascript with ExternalInterface.call works easily with just that parameter. But adding a callback with ExternalInterface.addCallback requires the above Security methods with a wildcard.
推荐答案
跨域文件不处理 SWF 和 DOM 之间的通信.Flash 内容和导航器之间的这种交互由包装 SWF 的 html 中的 allowScriptAccess 和 allowNetworking 标记的值处理.
Communication between your SWF and the DOM is not handled by the crossdomain file. This kind of interaction between Flash content and the navigator is handled by the values of allowScriptAccess and allowNetworking tags in the html wrapping your SWF.
因为您的 SWF 和 HTML 不是来自同一个限定域,所以您必须将 allowScriptAccess 值设置为 always.但要小心,因为这意味着如果您在 SWF 中加载不受信任的内容,它也将可以访问 DOM 页面并可能执行恶意操作.
Because your SWF and the HTML are not from the same qualified domain, you have to set the allowScriptAccess value to always. But take care, because that means if you load an untrusted content in your SWF, it will also have access to the DOM page and possibly do malicious things.
更多信息,请看:
http://tv.adobe.com/watch/how-to-develop-secure-flash-platform-apps/scripting-and-allowscriptaccess/http://kb2.adobe.com/cps/407/kb407748.htmlhttp://blogs.adobe.com/stateofsecurity/2007/07/how_to_restrict_swf_content_fr_1.html
http://tv.adobe.com/watch/how-to-develop-secure-flash-platform-apps/scripting-and-allowscriptaccess/ http://kb2.adobe.com/cps/407/kb407748.html http://blogs.adobe.com/stateofsecurity/2007/07/how_to_restrict_swf_content_fr_1.html
这篇关于Actionscript 的 ExternalInterface.addCallback 只能在本地工作,不能在生产中使用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
