在我的Flex应用程序，我需要一个JavaScript控件调用我的ActionScript方法之一。很简单，根据的Flex / ActionScript文档，我在我的Actionscript code写的：

In my Flex app, I need a Javascript control to call one of my Actionscript methods. Simple enough, according to the Flex/Actionscript documentation, I wrote this in my Actionscript code:

if (ExternalInterface.available)
    ExternalInterface.addCallback("setName", setNameInActiveWindow);

在JavaScript控件我写的：

In the Javascript control I wrote:

document.getElementById('FlexAppId').setName(name);

伟大工程。完全按预期，让我去生产。但它并不生产工作:(。完全相同的code ......我不明白。以上的JavaScript code运行，但回调没有在动作脚本$ C $执行℃。

Works great. Exactly as expected, so I went to production. But it doesn't work in production :(. Same exact code... I can't figure it out. The above Javascript code is run, but the callback is not executed in the Actionscript code.

这是否是与域的安全性？在当地，我使用local.mydomain.com:8080哪里local.mydomain.com解析为127.0.0.1（我需要做，所以一些小部件正常工作）。而Flex应用程序来自同一个本地网络服务器。在生产中，然而，这只是www.mydomain.com（mydomain.com是不是真正的域名）和Flex应用程序来自flash.mydomain.com（加币）。

Does this have something to do with domain security? Locally, I'm using local.mydomain.com:8080 where local.mydomain.com resolves to 127.0.0.1 (I need to do this so some widgets work properly). And the Flex app comes from the same local webserver. In production, however, it's just www.mydomain.com (mydomain.com is not the real domain name) and the Flex app comes from flash.mydomain.com (a CDN).

我在www.mydomain.com crossdomain.xml文件：

I have a crossdomain.xml file at www.mydomain.com:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
        <site-control permitted-cross-domain-policies="master-only"/>
        <allow-access-from domain="*.mydomain.com"/>
</cross-domain-policy>

更新的：我试图改变当地的环境，使得Flex应用程序是从flash.mydomain.com引用，就像在生产。原来我在本地得到同样的问题太多......如此看来，这是某种形式的域名安全问题，尽管crossdomain.xml文件我有以上。我需要改变的东西在我的crossdomain.xml？有什么额外的我需要获得 ExternalInterface.addCallback 来上班？

更新2 的：得到它的工作！我不得不这样做既的Security.allowDomain（*​​）和了Security.allowInsecureDomain（*​​）。将其设置为flash.mydomain.com没有解决这一问题，我不得不把一个通配符。 allowNetworking 无影响。我需要的allowScriptAccess =总是，但我不得不从之前。调用的Javascript ExternalInterface.call 只有这个参数所能完成的工作。但是，增加一个回调 ExternalInterface.addCallback 要求上述安全方法使用通配符。

UPDATE 2: Got it to work! I had to do both Security.allowDomain("*") and Security.allowInsecureDomain("*"). Setting it to flash.mydomain.com did NOT fix the issue, I had to put a wildcard. allowNetworking had no effect. I need allowScriptAccess="always", but I had that from before. Calling Javascript with ExternalInterface.call works easily with just that parameter. But adding a callback with ExternalInterface.addCallback requires the above Security methods with a wildcard.

推荐答案

您的SWF和DOM之间的通信不被跨域文件处理。 这种Flash内容和导航之间的相互作用是通过值处理的的allowScriptAccess 和 allowNetworking 标记中的HTML包装您的SWF。

Communication between your SWF and the DOM is not handled by the crossdomain file. This kind of interaction between Flash content and the navigator is handled by the values of allowScriptAccess and allowNetworking tags in the html wrapping your SWF.

由于您的SWF和HTML不是来自同一个合格的域名，你必须设置在的allowScriptAccess 的价值为总是。 不过要小心，因为这意味着如果你加载在SWF一个不受信任的内容，这也将有机会获得DOM的页面，可能做恶意的事情。

Because your SWF and the HTML are not from the same qualified domain, you have to set the allowScriptAccess value to always. But take care, because that means if you load an untrusted content in your SWF, it will also have access to the DOM page and possibly do malicious things.

有关更多信息，请查看：

For more info, please look at :

http://tv.adobe.com/watch/how-to-develop-secure-flash-platform-apps/scripting-and-allowscriptaccess/ http://kb2.adobe.com/cps/407/kb407748.html 的http://blogs.adobe.com/stateofsecurity/2007/07/how_to_restrict_swf_content_fr_1.html

http://tv.adobe.com/watch/how-to-develop-secure-flash-platform-apps/scripting-and-allowscriptaccess/ http://kb2.adobe.com/cps/407/kb407748.html http://blogs.adobe.com/stateofsecurity/2007/07/how_to_restrict_swf_content_fr_1.html