如何绕过一个本地文件与另一个本地文件相同的原始策略违例? [英] How do I bypass a same origin policy violation for one local file to another?
问题描述
我试图半重建Mozilla的演示使用JavaScript + < video> + < canvas> b
加载我的文档会导致错误控制台报告此错误:
错误:未捕获异常:[异常。 ..安全错误代码:1000nsresult:0x805303e8(NS_ERROR_DOM_SECURITY_ERR)位置:file:///media/disk/javascript/html5/chromakey/chromakey1.htm线:23]
这里是第23行:
this.referenceImageData = this.bCtx.getImageData(0,0,this.bufferCanvas.width,this.bufferCanvas.height);
它试图从画布上获取图像数据,我之前复制了一帧视频:
this.bCtx.drawImage(this.inputElement,
0,0,
this.inputElement .width,this.inputElement.height,
0,0,
this.bufferCanvas.width,this.bufferCanvas.height
);
其中 this.inputElement 钻石)元素:
< video id =MainInputsrc =320x240.oggwidth =320height = 240>< / video>
有没有办法通过此错误而不使用JAR签名我的代码?
我认为它与Firefox的同源策略有关( https ://developer.mozilla.org/en/Same_origin_policy_for_JavaScript )有本地文件访问问题,但我无法确定从哪里开始。
从文件系统中,每个文件在不同的来源(这防止访问例如 / etc / passwd XMLHttpRequest 或 iframe ,然后使用query-string将数据传递到Web上的某个服务器, code>< img> 或通过javascript自动发送表单)。请参见 http://tools.ietf.org/html/draft-abarth-origin(它谈到实现定义的值,最简单的是每个文件有不同的起源)
解决你的问题的最简单的方法是运行HTTP服务器。
可能有一个解决方案使用 Firefox的每文件权限但我不确定它是真的值得它给运行一个本地HTTP服务器...(YMMV)多么便宜
I'm trying to semi-recreate Mozilla's demo usage of JavaScript + <video> + <canvas> with files that aren't hosted on a server.
Loading my document causes the error console to report this error:
Error: uncaught exception: [Exception... "Security error" code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)" location: "file:///media/disk/javascript/html5/chromakey/chromakey1.htm Line: 23"]
Here's line 23:
this.referenceImageData = this.bCtx.getImageData(0, 0, this.bufferCanvas.width, this.bufferCanvas.height);
It's trying to get the image data from a canvas to which I previously copied a frame of video like this:
this.bCtx.drawImage(this.inputElement,
0, 0,
this.inputElement.width, this.inputElement.height,
0, 0,
this.bufferCanvas.width, this.bufferCanvas.height
);
Where this.inputElement references this (fairly boring) element:
<video id="MainInput" src="320x240.ogg" width="320" height="240"></video>
Is there any way to get past this error without signing my code with a JAR?
I think it has to do with Firefox's same origin policy (https://developer.mozilla.org/en/Same_origin_policy_for_JavaScript) having an issue local file access, but I can't figure out where to go from there.
From the filesystem, each file is in a different origin (this prevents accessing e.g. /etc/passwd –let's say using an XMLHttpRequest or an iframe, and then pass data to some server on the Web using the query-string when loading an <img> or automatically sending a form though javascript). See http://tools.ietf.org/html/draft-abarth-origin (it talks about "implementation-defined value", and the easiest is to have a distinct origin per file)
The easiest way to workaround your issue is to run an HTTP server.
There might be a solution using Firefox's "per-file permission" but I'm not sure it's really worth it given how cheap it is to run a local HTTP server... (YMMV)
这篇关于如何绕过一个本地文件与另一个本地文件相同的原始策略违例?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
