2

我觉得好像我在用头撞墙。我已经尝试过(我认为)跨域 xml 文件的所有变体,但没有成功。无论我尝试什么,我似乎都无法让我的跨域 Loader() 请求工作。这是我的 policyfiles.txt 日志文件的输出

OK: Root-level SWF loaded: http://cool.com:81/WEBPLAYERAS3.swf
OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/9175218823c9438aa322cdb767561dbd.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf
OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/a61d36278cc44cd1a0b8fa10f3edc914.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf
OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/ba8d7a1701954a6cb03e7aaf12a26a2b.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf
OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/91f6f184518247f0916692286dd7101a.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf
OK: Policy file accepted: https://replayservice2.secretdomain.com/crossdomain.xml
Error: Request for resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/9175218823c9438aa322cdb767561dbd.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf is denied due to lack of policy file permissions.
Error: Request for resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/a61d36278cc44cd1a0b8fa10f3edc914.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf is denied due to lack of policy file permissions.
Error: Request for resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/ba8d7a1701954a6cb03e7aaf12a26a2b.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf is denied due to lack of policy file permissions.
Error: Request for resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/91f6f184518247f0916692286dd7101a.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf is denied due to lack of policy file permissions.
OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/9175218823c9438aa322cdb767561dbd.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf
Error: Request for resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/9175218823c9438aa322cdb767561dbd.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf is denied due to lack of policy file permissions.
OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/9175218823c9438aa322cdb767561dbd.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf
Error: Request for resource at https://replayservice2.secretdomain.com/api/servlet/screenshot/0.8/1.0/9175218823c9438aa322cdb767561dbd.jpg by requestor from http://cool.com:81/WEBPLAYERAS3.swf is denied due to lack of policy file permissions.

这是我的 crossdomain.xml 文件:

<cross-domain-policy xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="*" secure="true"/>
<site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>

请注意,实际域已替换为 secretdomain.com。

我所做的只是在 AS3 中检索图像并将它们分配给位图。

更新

该问题似乎仅在从不安全的服务器调用我们的安全服务器时出现。这是禁止的,还是有办法解决这个问题?

4

6 回答 6

3

您的更新是您整个问题的答案:
“这个问题似乎只在从不安全的服务器调用我们的安全服务器时出现。这只是被禁止,还是有办法解决这个问题?”

特别是当我们查看您的策略文件的重要部分时: 

<allow-access-from domain="*" secure="true"/>

'secure=True' 部分意味着您特别不允许调用混合匹配安全和不安全连接,它们都必须是安全的。通过在那里拥有“真正”的价值,你就是那个禁止它的人。当然,解决方法是将其设置为“secure=False”,就像在此处发布的其他几个策略文件中一样。

于 2012-04-25T13:29:48.607 回答
2

如果您尝试从 http 端口到 https 端口进行通信,您将收到“swf is denied due to缺乏策略文件权限”以避免此类错误,您可以在 crossdomain.xml 中包含以下标记

  <allow-access-from domain="*" secure="false" to-ports="*" >

这解决了“安全沙盒违规”

如果您收到警告消息“未指定元策略。应用默认元策略'master-only'。” 将以下标记放在 crossdomain.xml 中

<站点控制允许跨域策略=“全部”>
于 2011-05-11T14:19:38.340 回答
1

如果有帮助,我已经包含了我们的跨域策略。我们唯一不同的是站点控制标签。

<cross-domain-policy xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
   <site-control permitted-cross-domain-policies="all"/> 
   <allow-http-request-headers-from domain="*"/> 
   <allow-access-from domain="*" secure="false" to-ports="*"/>
</cross-domain-policy>
于 2011-04-26T02:08:16.847 回答
0

除了在 'allow-access-from' 标记中设置 secure="false" 外,还要在 'allow-http-request-headers-from' 标记中设置 secure="false"。您的 crossdomain.xml 应该如下所示 -

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="SOAPAction"  secure="false"/>
</cross-domain-policy>
于 2014-01-16T04:44:20.710 回答
0

我在您发布的内容中看到

OK: Root-level SWF loaded: http://cool.com:81/WEBPLAYERAS3.swf

这告诉我您的 swf 正在端口 81 上加载 您在
哪个端口上输出跨域?在您使用的每个端口上都有一个,这一点非常重要。

于 2011-04-26T03:01:25.483 回答
0

我是 ActionScript 新手,但Security.allowDomain("domain.com")能解决问题吗?

于 2011-04-26T01:52:09.370 回答