Flash/Flex crossdomain issue - using BitmapData.draw() for image from AWS S3 results in SecurityError: Error #2122: Security sandbox violation

About

Asked 9/2, 2012 at 20:9 Answered 26/2, 2012 at 16:13

flash apache-flex amazon-s3 cross-domain bitmapdata

I am using BitmapData.draw() on a DisplayObject that includes an image from my AWS S3 bucket. The image loads fine in the swf when I set the S3 image URL as the source for an Image object but when I use BitmapData.draw() on it, it gives me this error:

SecurityError: Error #2122: Security sandbox violation: BitmapData.draw: https://www.example.com/Example.swf cannot access https://s3.amazonaws.com/example-images/example.jpg. A policy file is required, but the checkPolicyFile flag was not set when this media was loaded.

AS code:

var bmpd:BitmapData = new BitmapData(objectToDraw.width,objectToDraw.height);
bmpd.draw(objectToDraw);

I have tried putting the following crossdomain.xml file in my S3 bucket root to no avail:

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

Factory answered 9/2, 2012 at 20:9 Comment(6)

Have you tried explicitly loading the policy file with Security.loadPolicyFile("whatever.com/crossdomain.xml") also check using a debugging proxy tool (like Charles) to see if the crossdomain.xml file is being loaded appropriately. – Epistyle 9/2, 2012 at 20:22

@Epistyle I have tried Security.loadpolicyFile() for the crossdomain.xml file in my S3 bucket but still throws security error. Could you explain a bit more about how to use a debugging proxy tool to see if it's being loaded appropriately? – Factory 9/2, 2012 at 20:44

Sure you can install the debugging proxy from here: charlesproxy.com then you just run it, don't you love it when things are easy :). Charles is a great one for Flex in particular because it does AMF/SSL decoding for you so you can inspect the results as typed objects, which is great. It will install a proxy setting into Firefox and requests will channel through Charles (it also somehow installs a Windows proxy on windows systems, you can disable either in the options in Charles and also narrow it to only decode/display certain URLs using the proxy settings->recording settings.) – Epistyle 9/2, 2012 at 20:48

To note in the more recent versions of Charles the SSL proxying is disabled by default you can right click a request in the sequence view and hit enable SSL proxying and it will proxy SSL requests for that domain. Then subsequent requests to that domain will be decoded, basically Charles will give the browser a certificate and will accept the certificate from the domain on your browsers behalf, then it's able to decode the info before re-encoding and passing it along. – Epistyle 9/2, 2012 at 20:50

Sorry for the "wall of text" but also to note if you need really low level monitoring of packets flying around you can also use Wireshark (we used this in my java socket communication class, it was invaluable when trying to write TCP on top of an unreliable channel like UDP). – Epistyle 9/2, 2012 at 20:53

This may help you out: #2333356 – Irrecusable 14/2, 2012 at 18:11

There are two ways to access files on S3:

s3.amazonaws.com/[bucket name]/file.ext
[bucket name].s3.amazonaws.com/file.ext

Since the crossdomain.xml file needs to be in the root folder of the domain, and you don't have access to the root folder of s3.amazonaws.com, you can't control the crossdomain.xml file if you are using the first method

If you are using the second method, you can put a crossdomain.xml file in the root folder of your bucket and it will be used correctly by the Flash Player.

Marleah answered 26/2, 2012 at 16:13 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags