问题
My Flash/Flex application is having a problem. For a few months it was able to download files from Twilio but now I'm getting the following error:
(I've had to remove hyperlinks, so imagine "ttp" is really "http". :)
SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2048: Security sandbox violation: ttp://localhost/myapp.swf?v=1 cannot load data from ttp://api.twilio.com/."
I enabled policy logging on my flash plugin and get the following messages:
OK: Searching for in policy files to authorize data loading from resource at ttp://api.twilio.com/ by requestor from ttp://localhost/myapp.swf?v=1 Warning: [strict] Policy file requested from ttp://api.twilio.com/crossdomain.xml redirected to ttps://api.twilio.com/crossdomain.xml; will use final URL in determining scope. Warning: Domain api.twilio.com does not specify a meta-policy. Applying default meta-policy 'master-only'. This configuration is deprecated. See ttp://www.adobe.com/go/strict_policy_files to fix this problem. OK: Policy file accepted: ttps://api.twilio.com/crossdomain.xml Error: Request for resource at ttp://api.twilio.com by requestor from ttp://localhost/myapp.swf?v=1 is denied due to lack of policy file permissions.
So it looks to me like the problem is that Twilio doesn't specify a "meta-policy". Is there a way for me to get around this?
回答1:
localhost and twilio.com are not in the same domain so of course you will get a security error. Twilio needs to add this node into the crossdomain:
<site-control permitted-cross-domain-policies="all"/>
Also, make sure your embedding is up to par:
allowscriptaccess = "always"
allownetworking = "all"
If Twilio won't update the crossdomain.xml then you can install a proxy on the server hosting your flex app and grab the data via your proxy.
回答2:
As of January 2014, Twilio has added the necessary cross-domain permissions mentioned in this question. If problems persist in this vein, please e-mail our support squad at help@twilio.com
回答3:
the response of get crossdomain.xml must contain the HTTP response header "Content-Type:text/xml"
来源:https://stackoverflow.com/questions/5435495/flash-security-error-2048-is-there-a-workaround-or-does-twilio-have-to-change