安全沙箱违规无法从 box.net 加载数据 [英] Security sandbox violation cannot load data from box.net

问题描述

我有一个应用程序可以向 box.net 上传/下载文件.该应用程序未部署在服务器上时运行良好，但当我将其部署到 Google App Engine 时，遇到以下错误.

I have an application which upload/download files to/from box.net. the application works fine when not deployed on server but when I deploy it on Google App Engine the following error is encountered.

错误 #2044:未处理的安全错误:.文本=错误 #2048:安全性沙盒违规:http://somexyz.appspot.com/xyzsample.swf 不能从 http://box.net/api/1.0/download/abcdef/123456 加载数据.

Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://somexyz.appspot.com/xyzsample.swf cannot load data from http://box.net/api/1.0/download/abcdef/123456.

我在 as3 中包含了以下代码行

I have included the below lines of code in as3

Security.allowDomain("*");

并将 crossdomain.xml 放置在应用根文件夹(Google App Engine)中，并且可以使用 somexyz.appspot.com/crossdomain.xml

and placed crossdomain.xml in app root folder (Google App Engine) and can access the file using somexyz.appspot.com/crossdomain.xml

crossdomain.xml 包含以下几行

crossdomain.xml contains the below lines

<?xml version="1.0"?> 

<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd"> 

<cross-domain-policy>

   <site-control permitted-cross-domain-policies="all"/>

   <allow-access-from domain="*" to-ports="*"/>

   <allow-http-request-headers-from domain="*" headers="*"/>

   <allow-http-request-headers-from domain="*"/>

</cross-domain-policy>

当我尝试使用 tomcat 时，我也遇到了同样的问题.

I am also getting the same issue when I tried using tomcat.

推荐答案

如果是从 box.net 加载，则需要检查 http://box.net/crossdomain.xml

If you are loading from box.net, you need to check the http://box.net/crossdomain.xml

您可以在那里阅读以下内容:

and there you can read following:

<!--
Box has recently changed its crossdomain policy for API calls made from Flash.
To continue using Box API, please add the following line to the code of your Flash
application:
- AS2: System.security.loadPolicyFile("http://www.box.net/api/crossdomain.xml");
- AS3: Security.loadPolicyFile("http://www.box.net/api/crossdomain.xml");
-->

更新

请确保您正确添加:

Security.loadPolicyFile("http://www.box.net/api/crossdomain.xml")

加载时:

*.load('http://www.box.net/api/1.0/download/abcdef/123456');

以便服务器的路径相同:http://www.box.net/

so that the path to the server would be the same: http://www.box.net/

对于 flash http://www.box.net/ 和 http://box.net/ 是两个不同的域名.

For flash the http://www.box.net/ and http://box.net/ are 2 different domain names.

这篇关于安全沙箱违规无法从 box.net 加载数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！