I am trying to grab a webpage with ActionScript, but keep getting this error (example trying to grab github.com):

[SWF] /get-webpage.swf - 2,708 bytes after decompression
Error: Request for resource at http://github.com by requestor from http://localhost:4567/get-webpage.swf is denied due to lack of policy file permissions.

* Security Sandbox Violation * Connection to http://github.com halted - not permitted from http://localhost:4567/get-webpage.swf

Is there any way to make that work in ActionScript? How does the crossdomain.xml file play into this? From my understanding, a website puts a crossdomain.xml at their root, specifying that a SWF can access their stuff. Is that correct? What do I need to make the above work? The code I'm working with is basically this:

var request:URLRequest = new URLRequest("http://github.com");
var loader:URLLoader = new URLLoader();
loader.addEventListener(Event.COMPLETE, complete);
loader.addEventListener(SecurityErrorEvent.SECURITY_ERROR, error);
loader.load(request);

function complete(event:Event):void {
  trace(event.target.data);
}

function error(event:SecurityErrorEvent):void {
  trace(event.text);
}

With this in the HTML file:

var flashvars = {};
var params = {allowscriptaccess: "always"};
var attributes = {id: "my_flash", name: "my_flash"};
swfobject.embedSWF("/get-webpage.swf", "flash_content", "50%", "50%", "10.0.0", "playerProductInstall.swf", flashvars, params, attributes, swfHasLoadedSir);

Is it possible to get around that security error?

+5  A: 

SHORT ANSWER, NO.

MEDIUM ANSWER, NO. I see that github has a crossdomain xml policy here: https://github.com/crossdomain.xml

This is the file that flash automatically loads when it tries to load content from another domain.

This xml file is saying, only allow flash on github to suck down data. So github has explicitly said that they don't want you using flash to load any of their content.

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
  <allow-access-from domain="github.com" />
  <allow-access-from domain="gist.github.com" />
  <site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>

I think the reasoning for this flash behaviour is so that people + companies will trust flash. I think this mechanism could prevent massive DOS attacks (think of a Flash Banner loaded on a news site hitting say, github, it could cause a massive load).

You could email github and get your domain added to their list in the crossdomain file, but that could take some time and lots of politics.

LONG ANSWER, YES. You could create an HTTP proxy using PHP or something like this to pull in a webpage. The PHP or other code would have to run on the same domain as you loaded your SWF file from, e.g. yourdomain.com/folder/proxy.php. You would have to basically ask this proxy to fetch you a web page in PHP and return the results back to flash. This whole process is a bit of a pain, especially if you are interacting with a web service where you have to send parameters or HTTP headers. There are open source PHP proxy files online that you can install.

Good Luck! Back to watching Transformers 2 with Megan Fox. Oh yeah.

John Ballinger
Yes. In this case use a proxy (PHP, BlazeDS, or Apache all work fine for this). Crossdomain policies can open sites up to serious security threats: http://www.jamesward.com/2009/11/08/how-bad-crossdomain-policies-expose-protected-data-to-malicious-applications/
James Ward
Yep, this is the right answer. Just you didn't explain why. It's the same origin policy that's keeping this from happening.
Rook
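
The policy check discussed in the answer and comments above, as an added example that is not part of the original posts: it evaluates the quoted github.com policy against the asker's SWF origin and flags wildcard grants of the kind the linked article warns about. The function names and the wildcard sample are constructed for illustration, and the matching is simplified (it ignores the `secure` attribute and `site-control`).

```python
import fnmatch
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Policy body as quoted in the answer above (schema attributes omitted).
GITHUB_POLICY = """<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
  <allow-access-from domain="github.com" />
  <allow-access-from domain="gist.github.com" />
  <site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>"""

# Constructed sample of an over-permissive policy, for contrast.
WILDCARD_POLICY = """<cross-domain-policy>
  <allow-access-from domain="*" />
</cross-domain-policy>"""


def allowed_domains(policy_xml):
    """Return the domain patterns listed in allow-access-from elements."""
    root = ET.fromstring(policy_xml)
    return [el.get("domain", "") for el in root.iter("allow-access-from")]


def swf_may_read(policy_xml, swf_url):
    """True if the host serving the SWF matches a pattern in the policy."""
    host = (urlsplit(swf_url).hostname or "").lower()
    return any(fnmatch.fnmatchcase(host, pattern.lower())
               for pattern in allowed_domains(policy_xml))


def audit(policy_xml):
    """List patterns that grant read access to every site or every subdomain."""
    return [p for p in allowed_domains(policy_xml)
            if p == "*" or p.startswith("*.")]


if __name__ == "__main__":
    swf = "http://localhost:4567/get-webpage.swf"  # origin from the question
    print("github policy allows localhost SWF:", swf_may_read(GITHUB_POLICY, swf))
    print("wildcard policy allows localhost SWF:", swf_may_read(WILDCARD_POLICY, swf))
    print("over-permissive patterns:", audit(WILDCARD_POLICY))
```
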