Login/Register
loading swf from AmazonS3 - crossdomain policy
Asked Answered
Solved apache-flexactionscript-3flashcrossdomain.xml
G

3

2

I have a flash app sitting in domainA which needs to load a swf which comes from an Amazon S3 bucket. On load I get the following error. "Error #2044: Unhandled securityError:. text="

I have put a crossdomain file in the bucket and presumed that would do the trick. How can i fix this?

Gain answered 25/2, 2010 at 9:20 Comment(2)
What do you have in the crossdomain.xml file?Extol
Allow all domains. cross-domain-policy> <allow-access-from domain="*" /> </cross-domain-policy>Gain
P
9

You can access S3 using bucket name DNS. So instead of s3.amazon.com/bucketname/filename it is bucketname.s3.amazon.com/filename. Using this method you can put your own crossdomain file in a root path

<allow-access-from domain="bucketname.s3.amazonaws.com" />

The better method is to use CNAME records on your DNS server to fake the root for your crossdomain file. e.g.

Make a CNAME record on your DNS server to point bucketname.yourdomainname.com to bucketname.s3.amazon.com

And then put your crossdomain file in that buckets root

<allow-access-from domain="bucketname.yourdomainname.com" />

And refer to flash files as bucketname.yourdomainname.com/flash.swf etc

Paunchy answered 25/2, 2010 at 10:36 Comment(0)
L
1

Loading swf files is not exactly the same as loading data. So you may need more than just crossdomain.xml. To see where it looks for the crossdomain.xml file, I'd recommend using a "sniffing" tool (like httpfox) to see where the Flash Player is looking for the file.

To allow swf from different domains to interact, you also need to call Security.allowDomain. See the adobe docs on cross-scripting for details.

Li answered 25/2, 2010 at 10:16 Comment(0)
E
0

Your crossdomain file needs to be on the server with the flash app that's doing the loading, not with the files its loading in. Then you specify the S3 domain as an allowed domain.

<allow-access-from domain="s3.amazonaws.com" />

Edit: Ok, I'm officially confused.

It appears JB is right in his comment about me having it the wrong way round. From here:

Whenever Flash Player 7 detects an out-of-domain data-loading request, the player tries to find a policy file on the server from which it attempts to load data. If a policy file exists and it grants access to the origin domain of the Flash movie making the request, then the operation succeeds.

However, we do this exact thing (load images into a flash component from a remote Amazon server) on one of our client web sites, yet our crossdomain.xml file is in the root of the loading web server—the Amazon buckets don't contain any policy files.

So how does our site work? According to the documentation, it shouldn't!

Edit 2

As per Wouter's comment, what I am doing is a special case which explains why it works for me even though my crossdomain files are in the wrong place...

Extol answered 25/2, 2010 at 9:28 Comment(7)
I'm pretty sure you've got this backwards, the crossdomain file needs to be on the sever you are loading data from, and the domain specified is where there swf file is from,Mayhew
thanks, does this need to be in the route. Or can I throw it in the same folder as the main app? Much appreciatedGain
It needs to be in the site root AFAIK.Extol
@JB If the crossdomain.xml file was on the remote server with the assets to be loaded, then it could never be accessed by the SWF doing the loading, due to the same security restrictions.Extol
@JB +1, you're right, but in that case I'm not sure what's happening (see my edits).Extol
Images are a special case in the Flash Player: you can show an image of a different domain (even without crossdomain.xml), but not access the bitmap data inside it. (This is mentioned at livedocs.adobe.com/flex/3/langref/mx/controls/Image.html )Li
Oh, you can display images from a different domain without a crossplatform.xml? I never knew that and it would solve one big problem with a project I wanted to do. hehe, even the comments on here are useful :)Mayhew

© 2022 - 2024 — McMap. All rights reserved.