我有两台服务器。服务器A是具有从外面的世界在这里设置了我的办公室访问内部服务器。它在其上运行Rails的服务器。我有第二个服务器，服务器B，它包含了所有我们的静态内容（图片，主权财富基金的JavaScript，CSS等），这是一个Amazon S3服务器。我已经给所有这些文件的公共访问。

I have two servers. Server A is an internal server that has access from the outside world set up here in my office. It has a Rails server running on it. I have a second server, Server B, that contains all our static content (images, swfs, javascript, css, etc.), it is an Amazon S3 server. I have given all these files public access.

我在尝试是把一个swf从服务器B通过服务器A.再服一个页面上，该SWF需要以其他资产，以显示获得动态地从服务器B.然而沿着装不幸的是，在什么地方这样它的失败和被请求动态加载该文件只是永远不会到来。

What I am attempting is to put a swf from Server B on a page served by Server A. Then, the other assets that the swf requires in order to display get dynamically loaded from Server B. Unfortunately, however, somewhere along the way it's failing and the files that are requested to be dynamically loaded just never arrive.

根据我的浏览器控制台错误瑞士法郎期待crossdomain.xml文件是基于的这个，它也需要一个是我的S3服务器上。所以，这是我创建了两个crossdomain.xml的文件，每个服务器的情况下

Based on errors in my browser console the swf is expecting a crossdomain.xml file to be on Server A. Based on this, it also needs one to be on my S3 server. So, that being the case I have created two crossdomain.xml files, one for each server.

这是服务器A的crossdomain.xml文件：

This is Server A's crossdomain.xml file:

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM
  "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="s3-bucket-name.s3.amazonaws.com" />
</cross-domain-policy>

这是服务器B的crossdomain.xml文件：

This is Server B's crossdomain.xml file:

<?xml version="1.0" encoding="UTF-8"?>    
<!DOCTYPE cross-domain-policy SYSTEM
  "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="*.server-a.com"/>
  <allow-http-request-headers-from domain="*.server-a.com" headers="SOAPAction"/>
</cross-domain-policy>

此外，我明确地加载在我的SWF服务器B的crossdomain.xml文件：

Additionally, I am explicitly loading Server B's crossdomain.xml file in my swf:

Security.loadPolicyFile("https://s3-bucket-name.s3.amazonaws.com/crossdomain.xml");

不管我做什么，但是，它是行不通的。我不知道还有什么尝试。我试图通过一些解决方案在这里寻找对左右，但一切都没有帮助我解决我的问题呢。当然，其他人已在这方面比我有，可以给我一些指导，我是pretty的很多的想法在这一点上更多的经验。

No matter what I do, however, it just does not work. I'm not sure what else to try. I've tried looking through a number of the solutions here on SO but nothing has helped me resolve my problem yet. Surely someone else has had more experience in this than I have and can give me some guidance, I'm pretty much out of ideas at this point.

更新 更新有一些更多的信息，我的问题。

Update Updating my question with some more info.

我已尝试设置这两个政策文件，以*，并开始工作，直到它击中了：

I tried setting both policy files to * and it started working until it hit:

SecurityError: Error #2121: Security sandbox violation: Loader.content: s3.amazonaws.com/bucket_name/swfs/foo.swf cannot access s3.amazonaws.com/bucket_name/data/swfs/bar.swf. This may be worked around by calling Security.allowDomain.

此外，我跑了查尔斯和它拉从我的两个本地服务器crossdomain.xml的，但我没有看到它的S3。

Additionally, I ran Charles and it is pulling the crossdomain.xml from both my local server but I don't see it for s3.

更新2 我尝试添加这样的加载器：

Update 2 I tried adding this to the loader:

var context:LoaderContext = new LoaderContext();
context.securityDomain = SecurityDomain.currentDomain;
context.applicationDomain = ApplicationDomain.currentDomain;
Loader.load(new URLRequest(_dataFile), context);

这导致文件实际下载！不幸的是，现在它崩溃了这一点：

This resulted in the files actually downloading! Unfortunately now it crashes out with this:

SecurityError: Error #2119: Security sandbox violation: caller s3.amazonaws.com/bucket_name/swfs/MainSwf.swf cannot access LoaderInfo.applicationDomain owned by s3.amazonaws.com/bucket_name/data/swfs/foo/SecondSwf.swf

我试过，包括/不包括的context.applicationDomain = ApplicationDomain.currentDomain来。行，但是这并没有解决这个问题。

I've tried including/not including the context.applicationDomain = ApplicationDomain.currentDomain; line but that hasn't resolved the issue.

哪里是实际发生的飞机坠毁在以后的文件被加载后，在那里我们得到的applicationDomain： loader_.contentLoaderInfo.applicationDomain.getDefinition（def.a）

Where the crash is actually occurring is at a later time after the file is loaded where we are getting the applicationDomain: loader_.contentLoaderInfo.applicationDomain.getDefinition( def.a )

推荐答案

看起来你有a.swf和B.swf中不同的域，并a.swf试图访问B.swf中的内容（通过 Loader.content ），毫无疑问，它是一个安全错误失败的。

It looks like you have a.swf and b.swf on different domains, and a.swf is trying to access the content of b.swf (via Loader.content), and no doubt it's failing with a security error.

您有两种选择：

加载B.swf中。你可以通过传递一个新的的LoaderContext 到 Loader.load（）的A.swf的code做到这一点和设置 LoaderContext.securityDomain中= SecurityDomain.currentDomain的

Load b.swf in the same security domain as a.swf (i.e. the "current" security domain). You can do this in a.swf's code by passing a new LoaderContext to Loader.load() and setting the loaderContext.securityDomain = SecurityDomain.currentDomain

明确地允许a.swf通过调用的Security.allowDomain（）来访问B.swf中B.swf中的code与A.swf的域名作为参数

Explicity allow a.swf to access b.swf by calling Security.allowDomain() in b.swf's code with a.swf's domain name as the parameter

你选择哪一个取决于其他因素。有了第一个，B.swf中能做些什么a.swf能做而言跨域安全（即存取文件等）（一切！）;与第二个，在A.swf的域中的任何SWF文件能够访问B.swf中的内容。这真的取决于你想要如何建立信任。

Which one you choose depends on other considerations. With the first one, b.swf is able to do what a.swf can do (everything!) in terms of cross-domain security (i.e. access files, etc.); with the second one, any SWF file on a.swf's domain is able to access b.swf's content. It really depends how you want to set up the trust.