(Forward) the use of crossdomain.xml for Flash / Flex can transfer data across domains

2011-05-19  来源:本站原创  分类:Flash  人气:227 

Requirements: address domain name www.a.com and www.b.com communication problems between the

Using falsh / flex resolve cross-border transmission of data is the key to crossdomain.xml file

I. Overview

Flex or Flash, the students played all know, if you want the inside cross-domain access to data in Flash, you must configure the other server crossdomain.xml. Specifically, such as your Flash in the domain A below, and you want to access domain B exposed web service, then the domain B of the server root directory must have a crossdomain.xml file to configure that you have this permission. This is the Flash Player security restrictions.

Second, the test

We provide testpage.htm test page on the www.a.com this machine. Then in the page SetWebIMNetwork () This function is written as SetWebIMNetwork ("www.b.com", 5293), this page can connect to the server where www.b.com.

The following is the contents of crossdomain.xml (this is not limited connection, so not safe, it is best just to write up your own domain name, to avoid unauthorized domain name from the page to connect to):

<? Xml version = "1.0"?>
<! DOCTYPE SYSTEM Cross-domain-Policy " http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd " ;>
<allow-access-from domain="*" />
</ Cross-domain-policy>

If you need specific control, you can use the specific domain name and port, such as:

<allow-access-from domain="*" to-ports="5293" />
<allow-access-from domain="*.foo.com" to-ports="507,516" />
<allow-access-from domain="" to-ports="2000-6523" />
<allow-access-from domain="www.foo.com" to-ports="507,516-523" />
<allow-access-from domain="www.bar.com" to-ports="*" />
</ Cross-domain-policy>

In addition, A machine, testpage.htm B loaded on the machine so that Flash can refer to the following:

<Object classid = "clsid: d27cdb6e-AE6D-11CF-96b8-444553540000" CODEBASE = " http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab # Version = 8,0,0, 0 "width =" 83 "height =" 23 "align =" middle ">
<param name="allowScriptAccess" value="always" />
<Param name = "Movie" value = " http://www.b.com/CommP2.swf " ; />
<param name="quality" value="high" />
<param name="bgcolor" value="#ffffff" />
<Embed src = " http://www.b.com/CommP2.swf " ; Quality = "High" bgcolor = "# ffffff" width = "0" height = "0" name = "external2" align = "Middle "allowScriptAccess =" Always "type =" Application / x-Shockwave-Flash "pluginspage =" http://www.macromedia.com/go/getflashplayer " ; />
</ Object>

A page called flash of SetWebIMNetwork, set the network to connect to B, when B is connected, flash will first visit the server to be connected without crossdomain.xml policy file and check whether your domain name where the connection is allowed, if allowed, to be connected, otherwise the connection fails.

Flash cross-domain calls issue Js, because we offer interactive Flash plug-in and Js, if the js and the Flash in a different domain, js method calls within the flash, there will be mistakes. So add Flash to use <param name="allowScriptAccess" value="always" />

Mechanism of such cross-domain, you do not have to worry about other websites can connect to your WebIM server, you can simply write in the crossdomain.xml in the domain name to allow connection to it. And is equipped with accurate goods, even with a different second level domain name, not in the crossdomain.xml authorized, they can not connect to your server.

Therefore, crossdomain.xml, the best not to use a wildcard *, please limit the domain name you want to allow good

Third, crossdomain.xml file format

crossdomain.xml format is very simple, its root is <cross-domain-policy>, its next node contains one or more <allow-access-from>, <allow-access-from> has an attribute domain, the value to allow access to the domain, you can be the exact IP address, an exact domain or a wildcard domain (any domain). Below are two examples:
<? Xml version = "1.0"?>
<allow-access-from domain="www.163.com" />
......// Free to add more addresses.
</ Cross-domain-policy>

For versions prior to Flash Player 9, the crossdomain.xml file something like this:
Xml Code

  1. <? Xml version = "1.0" encoding = "UTF-8"?>
  2. <! DOCTYPE cross-domain-policy SYSTEM
  3. "Http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
  4. <cross-domain-policy>
  5. <allow-access-from domain="*" secure="true" />
  6. </ Cross-domain-policy>

The above configuration allows access to all the domain data exposed by the current server (such as web service). Property which you can specify the domain specific rules. secure attribute is used to set up your data is exposed by walking https protocol.

But in terms of Flash Player 9, crossdomain.xml file content, there was greater change, because Flash Player 9's security mechanism to be changed. So when I use the Flex 3 cross domain web service call, the crossdomain.xml file also uses the above results to get an error saying security error. So a bit of a moment, get the following solution, in fact, is to change the contents of crossdomain.xml:

Xml Code

  1. <? Xml version = "1.0" encoding = "UTF-8"?>
  2. <! DOCTYPE cross-domain-policy SYSTEM
  3. "Http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
  4. <cross-domain-policy>
  5. <site-control permitted-cross-domain-policies="all" />
  6. <allow-access-from domain="*" />
  7. <allow-http-request-headers-from domain="*" headers="*" />
  8. </ Cross-domain-policy>

Flash Player 9 or above is required by the contents of crossdomain.xml. You can see two more tag. One site-control is optional, but allow-http-request-headers-from the web service for cross domain indeed necessary. If you do not allow the header, will be the same as my previous error. The specific meaning of these configuration items, and other optional configuration items, refer to http://www.adobe.com/devnet/flashplayer/articles/flash_player_9_security.pdf

View the local version of flash player: http://www.playerversion.com/

  • (Forward) the use of crossdomain.xml for Flash / Flex can transfer data across domains 2011-05-19

    Requirements: address domain name www.a.com and www.b.com communication problems between the Using falsh / flex resolve cross-border transmission of data is the key to crossdomain.xml file I. Overview Flex or Flash, the students played all know, if y

  • [IE6 only] on the Flash / Flex, returns the data stream error Error # 2032 produced the solution 2010-11-19

    Transfer from: http://www.xintend.com/Article/Error_2032_only_in_IE.aspx When the test today Found, flash either be submitted with the POST or GET data. IE error under the Federation. However, in the background check has access to data and back infor

  • CrossDomain.xml的作用及其简单用法 . 2012-12-27

    使用crossdomain.xml让Flash可以跨域传输数据 本文来自http://www.mzwu.com/article.asp?id=975 一.概述 位于www.mzwu.com域中的SWF文件要访问www.163.com的文件时,SWF首先会检查163服务器目录下是否有crossdomain.xml文件,如果没有,则访问不成功:若crossdomain.xml文件存在,且里边设置了允许www.mzwu.com域访问,那么通信正常.所以要使Flash可以跨域传输数据,其关键就是cros

  • flash crossdomain.xml using sendAndLoad and cross-domain access to files across network 2010-12-17

    Easy to read the file flash flash using LoadVars () class sendAndLoad way, you can easily read the file, including php, asp files and other dynamic languages. LoadVars object method by its sendAndLoad object property variable transmission (send) to t

  • flash跨域策略文件crossdomain.xml配置详解 2013-11-07

    一.简介 flash在跨域时唯一的限制策略就是crossdomain.xml文件,该文件限制了flash是否可以跨域读写数据以及允许从什么地方跨域读写数据. 位于www.a.com域中的SWF文件要访问www.b.com的文件时,SWF首先会检查www.b.com服务器目录下是否有crossdomain.xml文件,如果没有,则访问不成功:若crossdomain.xml文件存在,且里边设置了允许www.a.com域访问,那么通信正常.所以要使Flash可以跨域传输数据,其关键就是crossdo

  • Cross-domain policy file - Flash security sandbox problem solving 2010-04-26

    A basic explanation Flash document with the data access to another domain. Flash Player will automatically try to load policy file from that domain. If you try to access the data in the Flash document, including in the domain where the policy file, t

  • Cross-domain policy file crossdomain.xml file on the 2011-05-10

    http://www.xiaonei.com/crossdomain.xml <! - Http://www.xiaonei.com/ -> ? <cross-domain-policy> <allow-access-from domain="*.xiaonei.com"/> <allow-access-from domain="xiaonei.com"/> </ Cross-domain-policy>

  • 关于跨域策略文件crossdomain.xml文件 2011-08-29

    http://www.xiaonei.com/crossdomain.xml <!– http://www.xiaonei.com/ –> ? <cross-domain-policy> <allow-access-from domain="*.xiaonei.com"/> <allow-access-from domain="xiaonei.com"/> </cross-domain-policy> 这是

  • Can not access web server, crossdomain.xml security sandbox problems 2009-12-26

    Using the jboss server to other machines can not access the host, mainly the security sandbox crossdomain.xml question is not placed in the following directory jboss caused by server \ all \ deploy \ jbossweb-tomcat55.sar \ ROOT.war crossdomain.xml f

  • Glassfish V3 when the next page using swf crossdomain.xml should be placed where? 2010-06-10

    In Flex Builder I first made a small swf file, all the normal debugging, Java EE applications can be communication. When the swf embedded in the Servlet after a run on the prompt security error: Fault faultString="Security error accessing url" f

  • crossdomain.xml used when cross-domain access xml file 2010-07-05

    With fushioncharts made a show of data pie chart, a good test of this machine, put the server hung. See log, error: ActionController::RoutingError (No route matches "/crossdomain.xml" with {:method=>:get}) google, that need to build a cross-d

  • Flex on cross-domain policy file crossdomain.xml 2010-08-16

    When Flex access WebService Service, the normal access to the local , When deployed to the web container is released web Service, then call WebServicIE, At this time will be denied access, which is Flex Sandbox cross-domain access issues , In order t

  • ArcGIS server tomcat crossdomain.xml 2010-10-25

    If your arcgis server to the tomcat installation under the different flex machine access problem, we need to put the domain access policy file crossdomain.xml Installation directory \ ArcGIS \ java \ web_output under

  • Cross-domain calls issue of Flex Webservice 2010-07-22

    Recently in a project to do with Flex, as usual in the native debugging, reached after the server the following error: [RPC Fault faultString = "Security error accessing url" faultCode = "Channel.Security.Error" faultDetail = "Una

  • flash and the background data exchange methods the 3-WebService articles 2010-04-10

    3, WebService Personally feel that the WebService data access speed, second only to Remoting, but WebService is a universal interface, the general server technologies are supported! WebService advantages: 1.WebService more extensive interface support

  • flash and the background data exchange methods the 2-Flash Remting Posts 2010-04-10

    2, Flash Remoting Flash Remoting The data interface is a four among the most efficient! Advantages: 1. To support more data types (Converting from application server data types to ActionScript); 2. Pass the data volume is huge; 3. Operating efficienc

  • flash and the background data exchange methods the 1-LoadVars articles 2010-04-10

    PS Recently, some friends always ask flash to interact with the background problem, so I made some conclusions and order, and I think we all have had easy! Now I know, Flash and background data exchange there are several ways the following (if you fe

  • 写于Silverlight整装待发之际(七):Silverlight VS Flash/Flex 2014-11-22

    系列文章目录索引:<写于Silverlight整装待发之际> 对于两个事物的比较,我们通常会从两个方面出发,共同点和不同点,今天我也打算这么来比. 首先来看共同点: 1. 两者都是用于RIA(富英特网应用)开发的. 2. 两者都提供了基于矢量的图形/动画解决方案. 3. 两者的播放器都是用ActiveX写的. 4. 两者都有自己独立的图形和程序开发工具. 再来看不同点,那可就多了,下面一一列举: 文件格式 Flash/Flex Silverlight UI代码文件 .fla, .mxml .x

  • Flash.Flex large collection of resources (Complete) 2010-03-09

    Intermittent collection of Flash, Flex-related resources, it has a lot of deposit with no view, coupled with his order not too good, but can not find the time to looking. This to be a "Shiquandabu" to a Beat Festival, the one convenience, and se

  • Flash Flex open source game engine 2010-03-28

    Today went to the Beijing World 9RIA.com the activities, at which a number of Flash Flex game engine FFilmation is a 2.5D game engine, similar to the Diablo games that 45-degree engine http://www.ffilmation.org/website/ PushButton Engine Flash game e