tags:

views:

622

answers:

3
+1  Q: 

loading swf from AmazonS3 - crossdomain policy

Hi, Looking for a little help if anyone has any experience with this.

I have a flash app sitting in domainA which needs to load a swf which comes from an Amazon S3 bucket. On load I get the following error. "Error #2044: Unhandled securityError:. text="

I have put a crossdomain file in the bucket and presumed that would do the trick. Alas no joy.

Anyone got this working?

thanks

A: 

Your crossdomain file needs to be on the server with the flash app that's doing the loading, not with the files its loading in. Then you specify the S3 domain as an allowed domain.

<allow-access-from domain="s3.amazonaws.com" />

Edit: Ok, I'm officially confused.

It appears JB is right in his comment about me having it the wrong way round. From here:

Whenever Flash Player 7 detects an out-of-domain data-loading request, the player tries to find a policy file on the server from which it attempts to load data. If a policy file exists and it grants access to the origin domain of the Flash movie making the request, then the operation succeeds.

However, we do this exact thing (load images into a flash component from a remote Amazon server) on one of our client web sites, yet our crossdomain.xml file is in the root of the loading web server—the Amazon buckets don't contain any policy files.

So how does our site work? According to the documentation, it shouldn't!

Edit 2

As per Wouter's comment, what I am doing is a special case which explains why it works for me even though my crossdomain files are in the wrong place...

Mark B  2010-02-25 09:28:23
I'm pretty sure you've got this backwards, the crossdomain file needs to be on the sever you are loading data from, and the domain specified is where there swf file is from,
John Burton  2010-02-25 09:38:26
thanks, does this need to be in the route. Or can I throw it in the same folder as the main app? Much appreciated
Chin  2010-02-25 09:38:57
I wonder which way it is?
Chin  2010-02-25 09:40:56
It needs to be in the site root AFAIK.
Mark B  2010-02-25 09:49:09
@JB If the `crossdomain.xml` file was on the remote server with the assets to be loaded, then it could never be accessed by the SWF doing the loading, due to the same security restrictions.
Mark B  2010-02-25 09:51:54
Although now you've got me doubting myself! Hold on...
Mark B  2010-02-25 09:55:59
@JB +1, you're right, but in that case I'm not sure what's happening (see my edits).
Mark B  2010-02-25 10:05:49
Images are a special case in the Flash Player: you can show an image of a different domain (even without crossdomain.xml), but not access the bitmap data inside it.(This is mentioned at http://livedocs.adobe.com/flex/3/langref/mx/controls/Image.html )
Wouter Coekaerts  2010-02-25 10:10:20
Oh, you can display images from a different domain without a crossplatform.xml? I never knew that and it would solve one big problem with a project I wanted to do. hehe, even the comments on here are useful :)
John Burton  2010-02-25 10:45:32
Yep, there you go—I certainly learnt something today :)
Mark B  2010-02-25 14:35:26
+1  A: 

Loading swf files is not exactly the same as loading data. So you may need more than just crossdomain.xml. To see where it looks for the crossdomain.xml file, I'd recommend using a "sniffing" tool (like httpfox) to see where the Flash Player is looking for the file.

To allow swf from different domains to interact, you also need to call Security.allowDomain. See the adobe docs on cross-scripting for details.

Wouter Coekaerts  2010-02-25 10:16:56
+4  A: 

You can access S3 using bucket name DNS. So instead of s3.amazon.com/bucketname/filename it is bucketname.s3.amazon.com/filename. Using this method you can put your own crossdomain file in a root path

<allow-access-from domain="bucketname.s3.amazonaws.com" />

The better method is to use CNAME records on your DNS server to fake the root for your crossdomain file. e.g.

Make a CNAME record on your DNS server to point bucketname.yourdomainname.com to bucketname.s3.amazon.com

And then put your crossdomain file in that buckets root

<allow-access-from domain="bucketname.yourdomainname.com" />

And refer to flash files as bucketname.yourdomainname.com/flash.swf etc

TFD  2010-02-25 10:36:59
Thanks, went with the cname change - worked a treat.
Chin  2010-03-03 00:06:06

related questions

Silverlight vs Flex
Executing JavaScript from Flex: Is this javascript function dangerous?
How To Get Label Of Combobox to Fade In Flex
How do I change the title bar icon in Adobe AIR?
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Flex: does painless programmatic data binding exist?
SoapException: Root element is missing occurs when .NET web service called from Flex
Any recommendations for in-depth Flex training?
How do I restyle an Adobe Flex Accordion to include a button in each canvas header?
Deleting / Replacing A Node in E4X (AS3 - Flex)
How can I "unaccept" a drag in Flex?
Printing Flex components in FireFox 3
Is it possible to add behavior to a non-dynamic ActionScript 3 class without inheriting the class?
How do I get rid of the "multiple describeType entries" warning?
Open local file with AIR / Flex
Flex / Air obfuscation
Adobe Flex component events
Can you access the windows registry from Adobe Air?
Actionscript 3 - Fastest way to parse yyyy-mm-dd hh:mm:ss to a Date object?
Adobe Air - Using multiple SQLite databases at once
How can I unit test Flex applications from within the IDE or a build script?
Best way to learn Flash?
Get the current logged in OS user in Adobe Air
Adobe air - SQLStatement.execute() - Multiple queries in one statement
Unloading a ByteArray in Actionscript 3.