开发者

wrong protocol for crossdomain.xml in flex app

开发者 https://www.devze.com 2023-01-20 18:42 出处:网络
I\'ve changed the protocol for my flex app from https to http and flashplayer still wants to download the crossdomain.xml using https though with the port for http.

I've changed the protocol for my flex app from https to http and flashplayer still wants to download the crossdomain.xml using https though with the port for http. the app is accessed at http://domain01:8080/flex and it wants to get https:开发者_如何学JAVA..samedomain..:8080/crossdomain.xml (at https:..samedomain..no_port/flex it works fine).

Anyone any idea why?

Thanks a lot,

Daniel


No direct answer as I haven't tried this scenario of specifying a non-default port but a couple of piece of info that might lead you to an answer:

http://learn.adobe.com/wiki/download/attachments/64389123/CrossDomain_PolicyFile_Specification.pdf?version=1

This might be of interest:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.example.com" to-ports="507,516-523"/>
</cross-domain-policy>

or this:

10,0,12,0 site-control's permitted-cross-domain-policies default for non-socket policy files is "master-only"

Maybe try an older version of Flash Player to see if something in the changes from 9->10 is causing the issue then finding the change in the change logs might be easier or perhaps it's a bug in the new version.

Good luck Shaun


Flex (Atleast 3.5 AFAIK..) gets some identify crisis when you change port and use Https... The security model depends on the port.. I do not know the exact reason for the problem, but my solution was to load the crossdomain file in your app explicitly..

System.security.loadPolicyFile('https://mydomain:port/crossdomain.xml');


When you run into crossdomain issues, it's worth remembering that by using the Security class, you can always take explicit control over what crossdomain.xml file is loaded (in fact, the policy file can have any name you want). The default behavior of loading the policy file from the root of a server can often be too restrictive when dealing with more complex, real-world cases (with load-balancing or reverse proxies, for instance).

Try using:

Security.loadPolicyFile(<URI to the policy file goes here>);

The ASDocs are here and explain it quite well.

By taking control of how policies are loaded, you can gain more freedom and take a lot of the guesswork out of what can otherwise be a painful, frustrating experience. The Flash Player allows you to load multiple policy files which is handy if you need to integrate with more than one service layer (e.g. on one host through HTTPS and another through HTTP).

Good luck,

Taylor

0

精彩评论

暂无评论...
验证码 换一张
取 消