HLS-AES 128 加密是常用的 HLS 加密方式,但是最近在 HLS 视频服务器切换到加密模式时缺出现了 flash 客户端预览视频失败的情况,经排查是取 key 失败,查询服务器日志发现请求根本没有发送,所以几乎可以断定是 flash 跨域问题。
查询 crossdomain.xml 官方文档,发现文档中中有一个 secure 属性,是这么说的:
secure: [HTTPS and Sockets only, optional] Specifies whether access is granted only to HTTPS
documents from the specified origin (true) or to all documents from the specified origin (false).
If secure is not specified in an HTTPS policy file, it defaults to true. Using false in an HTTPS
policy file is not recommended because this compromises the security offered by HTTPS; for
example, allowing man-in-the-middle attacks to gain access to the HTTPS data protected by the
policy file.
In socket policy files, the default is false. It is only useful to specify secure=”true” when the
socket server is accepting connections from the local host since local socket connections are
generally not at risk of man-in-the-middle attacks that could alter the secure=”true”
declaration.
换成我自己的语言就是:如果 crossdomain.xml 这个文件本身是https取到的,那么这个地方如果不写的话,就默认 http 不能访问key。反之亦然。
所以问题就简单了,要么修改线段页面把 flash 地址改成 https,要么先临时设置 crossdomain.xml 如下:
<?xml version="1.0“?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="某个地址" secure="false" />
</cross-domain-policy>注意后者会降低安全性,临时用一下可以。
6647
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
