[Flex] Cross Domain Policy

  • Cross Domain Policy
  • 在Flex SDK裡編寫的Socket程式在連線的過程中出現下面的訊息:

    <policy-file-request/>

    這是Flash Player 安全原則設定,在做網站連線或者Socket連結時需要先取得cross domain policy才能繼續連線。

    以Socket Policy File為例,crossdomain.xml寫法如下:

    <policy-file-request/>

    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM
    "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

    <cross-domain-policy>
    <allow-access-from domain="yoursockethosts.com" to-ports="2115"/>
    </cross-domain-policy>

    下面這個則為URL Policy File的寫法:

    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM
    "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

    <cross-domain-policy>
    <site-control permitted-cross-domain-policies="master-only"/>
    <allow-access-from domain="www.yourwebpage.com"/>
    </cross-domain-policy>

    在flash裡要要載入crossdomain最簡易的方法就是使用loadPolicyFile(),如下:

    package{
    import flash.net.Socket;
    import flash.events.Event;
    import flash.events.ProgressEvent;
    import flash.text.TextField;
    import flash.display.Sprite;
    import flash.system.Security;

    public class SocketDemo extends Sprite{
    private var socket:Socket;
    private var textField:TextField;

    Security.loadPolicyFile("http://localhost/crossdomain.xml");

    public function SocketDemo(){
    socket = new Socket("localhost", 2115);
    socket.addEventListener(Event.CONNECT, onConnected);

    textField = new TextField();
    addChild(textField);
    }

    private function onConnected(event:Event):void{
    textField.text = "connected!";
    }
    }
    }

    除了透過從 flash裡面主動去載入crossdomain.xml之外,你也可以把policy file寫入到server然後由server傳到Flash Socket裡。下面的寫法是承襲[Flash] Flash Socket & C++/Java Socket
    這一篇裡的C++ Socket的部份。

    string xml = "<cross-domain-policy><allow-access-from domain=\"*\" to-ports=\"1025-9999\"/></cross-domain-policy>";
    client.send(xml);

    詳細的cross domain policy file的資料可以參考下面的網頁:

    Cross-domain policy file specification

    如果你要了解更多關於Flash Security的問題請參考下面的網頁:

    Flash Player Developer Center - Security

No comments:

Post a Comment

Orange - data analysis tool

Installation pip install orange3 Run orange python -m Orange.canvas