Security Sandbox Violation: Lack of Policy File Pe

2020-04-10 15:24发布

问题:

I'm using as3httpclientlib to post data to my web service, but I'm continually getting the following security violation. Does anyone know how to resolve this? My crossdomain.xml file is below the security violation notice.

NOTE: I'm using apache to proxy requests to the web service, therefore the target url/port and the url/port serving the applet are the same -- i.e. http://192.168.100.101. Also, the crossdomain.xml file is located in the root of the web app which serves the applet rather the web service; however, since the requests are proxied the url for the file is http://192.168.100.101/crossdomain.xml

* Security Sandbox Violation * Connection to 192.168.100.101:80 halted - not permitted from http://192.168.100.101/com-web/flex/ComUi.swf Error: Request for resource at xmlsocket://192.168.100.101:80 by requestor from http://192.168.100.101/com-web/flex/ComUi.swf is denied due to lack of policy file permissions.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
<allow-access-from domain="*" to-ports="80, 8080" />
</cross-domain-policy>

Thanks.

回答1:

Did you tried to debug it with WireShark, see if the app sends the request on port 843 and if the server sends back the response via socket? It was not totally clear in your post if you already use a server app to serve the policy file, if not, you should, either the way, the link below should help.

If you need more info about how things work, you can check out this