Why is Flash demanding a crossdomain.xml file when the .swf and http target are both on localhost?

青春壹個敷衍的年華 提交于 2019-12-05 17:22:34

问题


I've got a small client/server test application where I have a Flex app that makes an HTTP request of a server app. The server app is a script running on my local machine, listening on port 8001. The client is a swf that I am running locally, and uses mx.rpc.http.HTTPService to make the page request.

The HTTPService is being set up as per below:

_HttpService = new HTTPService();
_HttpService.url = "http://localhost:8001";
_HttpService.contentType = "text/xml";

When I make a basic page request, my server app is first receiving a "GET /crossdomain.xml HTTP/1.1" request, which is failing since I don't have a crossdomain.xml file in place. The reason I don't have one in place is because this is all happening on my local machine (for now) and I shouldn't need one (I don't think).

I definitely had this code working before without a crossdomain.xml when I was using Flex 3.x. I thought I had it working with Flex 4 as well. Now I'm using Flex 4.5. Is there an issue here, possibly due to security policy changes?

With all of this happening on localhost, why is the Flash player requesting a crossdomain.xml file?

In case it helps, the specific fault my AsyncResponder is getting back is:

[FaultEvent fault=[RPC Fault faultString="Security error accessing url" faultCode="Channel.Security.Error" faultDetail="Destination: DefaultHTTP"] messageId="F43DCBFF-E99A-99CC-57D8-535C13C7CD48" type="fault" bubbles=false cancelable=true eventPhase=2]

回答1:


It may be that although you have the same host and protocol between the client page and server, the different port causes Flash to fail the same-origin test and request the crossdomain.xml to see what it's allowed to do. I'm assuming the page hosting your Flash content is running on port 80? If that's the case, check out Wikipedia's article on the same origin policy (http://en.wikipedia.org/wiki/Same_origin_policy) for the details.

The crossdomain.xml doesn't seem to be too cumbersome for local testing and is pretty well documented on help.adobe.com. You can create a crossdomain.xml in the root of your website like this, which will allow all access:

<?xml version="1.0"?> 
<!-- http://localhost/site/crossdomain.xml --> 
<cross-domain-policy> 
    <site-control permitted-cross-domain-policies="all"/> 
    <allow-access-from domain="*" to-ports="*"/> 
</cross-domain-policy>

I wouldn't use the above for anything other than local development as you're basically allowing any domain to request content.

Hope this helps!




回答2:


Using the policyfile.txt I figured out that the policy file was denied because there was no Content-Type specified by the server. This explains why it was impossible to find anything blogged about it.

Hope this helps someone.

In Flex 4.5 Mac /Users/[YOUR_USER_NAME]/Library/Preferences/Macromedia/Flash Player/Logs>tail -f policyfiles.txt



来源:https://stackoverflow.com/questions/6222499/why-is-flash-demanding-a-crossdomain-xml-file-when-the-swf-and-http-target-are

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!