我有一個使用flex窗體捕獲用戶輸入的應用程序。當用戶輸入表單數據(包括繪圖區域)時,應用程序會創建一個表單的jpg圖像併發送回服務器。由於數據很敏感,因此必須使用https。此外,客戶端要求將表單的jpg和pdf版本存儲在服務器上。flex應用程序的IE跨域篩選器
應用程序發送回數據在三個步驟中
1 - 與ORDERNUMBER
2發送JPG快照 - 發送形式的數據字段作爲後數據,所以它不是在地址欄中可見
3 - 發送pdf數據
我首先使用urlloader發送jpg數據並等待服務器在執行操作2和3之前做出響應,以確保服務器創建了與新的記錄相關的記錄 訂單號。
此代碼在http上的IE中正常工作。但是,如果我嘗試通過https使用應用程序,則IE將阻止來自store jpg步驟的頁面響應,並且urlloader的完整事件不會觸發。該應用程序可以通過http或https在FireFox中正常工作。
這裏是(我已經替換爲「」的域)的crossdomain.xml:
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.<mydomain>.com" to-ports="*" secure="false"/>
<allow-http-request-headers-from domain="*.<mydomain>.com" headers="*">
</cross-domain-policy>
這裏是代碼,當用戶按下提交執行按鈕:
私人函數loaderCompleteHandler(event:Event):void {
sendPDF();
sendPatientData();
}
private function submitOrder(pEvt:MouseEvent):void
{
//disable submit form so the order can't be submitted twice
formIsValid = false;
waitVisible = true;
//submit the jpg image first with the order number, userID, provID
//and order type. The receiveing asp will create the new order record
//and save the jpg file. jpg MUST be sent first.
orderNum = userID + "." + provID + "." + Date().toString() + "." + orderType;
var jpgURL:String = "https://orders.mydomain.com/orderSubmit.asp?sub=jpg&userID=" + userID + "&provID=" + provID + "&oNum=" + orderNum + "&oType=" + orderType;
var jpgSource:BitmapData = new BitmapData (vbxPrint.width, vbxPrint.height);
jpgSource.draw(vbxPrint);
var jpgEncoder:JPEGEncoder = new JPEGEncoder(100);
var jpgStream:ByteArray = jpgEncoder.encode(jpgSource);
var header:URLRequestHeader = new URLRequestHeader ("content-type", "application/octet-stream");
//Make sure to use the correct path to jpg_encoder_download.php
var jpgURLRequest:URLRequest = new URLRequest (jpgURL);
jpgURLRequest.requestHeaders.push(header);
jpgURLRequest.method = URLRequestMethod.POST;
jpgURLRequest.data = jpgStream;
//navigateToURL(jpgURLRequest, "_blank");
var jpgURLLoader:URLLoader = new URLLoader();
try
{
jpgURLLoader.load(jpgURLRequest);
}
catch (error:ArgumentError)
{
trace("An ArgumentError has occurred.");
}
catch (error:SecurityError)
{
trace("A SecurityError has occurred.");
}
jpgURLLoader.addEventListener(Event.COMPLETE, loaderCompleteHandler);
}
private function sendPatientData():void
{
var dataURL:String = "https://orders.mydomain.com/orderSubmit.asp?sub=data&oNum=" + orderNum + "&oType=" + orderType;
//Make sure to use the correct path to jpg_encoder_download.php
var dataURLRequest:URLRequest = new URLRequest (dataURL);
dataURLRequest.method = URLRequestMethod.POST;
var dataUrlVariables:URLVariables = new URLVariables();
dataUrlVariables.userID = userID
dataUrlVariables.provID = provID
dataUrlVariables.name = txtPatientName.text
dataUrlVariables.dob = txtDOB.text
dataUrlVariables.contact = txtPatientContact.text
dataUrlVariables.sex=txtSex.text
dataUrlVariables.ind=txtIndications.text
dataURLRequest.data = dataUrlVariables
navigateToURL(dataURLRequest, "_self");
}
private function sendPDF():void
{
var url:String = "https://orders.mydomain.com/pdfOrderForm.asp"
var fileName:String = "orderPDF.pdf&sub=pdf&oNum=" + orderNum + "&oType=" + orderType + "&f=2&t=1" + "&mid=" + ModuleID.toString()
var jpgSource:BitmapData = new BitmapData (vbxPrint.width, vbxPrint.height);
jpgSource.draw(vbxPrint);
var jpgEncoder:JPEGEncoder = new JPEGEncoder(100);
var jpgStream:ByteArray = jpgEncoder.encode(jpgSource);
myPDF = new PDF(Orientation.LANDSCAPE,Unit.INCHES,Size.LETTER);
myPDF.addPage();
myPDF.addImageStream(jpgStream,0,0, 0, 0, 1,ResizeMode.FIT_TO_PAGE);
myPDF.save(Method.REMOTE,url,Download.ATTACHMENT,fileName);
}
目標asp頁面不發回任何數據,除了t他基本的網站頁面模板。
任何人都可以幫我弄清楚如何解決這個IE跨域問題?我在IE工具安全設置中關閉了XSS過濾器,但仍然沒有解決問題。
感謝
謝謝薩姆。 加載swf的頁面來自https網址,flex代碼中的所有url都顯式爲https:// url's。我最近將X-XSS-Protection:0頭添加到服務器響應中。我似乎還沒有獲得URLLoader上的Complete事件。 – 2010-01-23 19:10:35