tags:

views:

156

answers:

1
Q: 

How to avoid Security Errors when using the Youtube AS3 Player API.

I'm using the Youtube AS3 Player API to load video's in a Flash Project. I get this really annoying Error when loading the Player swf:

SecurityError: Error #2047: Security sandbox violation: parent: http://www.degoudenglimlach.be/main.swf cannot access http://www.youtube.com/[[IMPORT]]/s.ytimg.com/yt/swf/watch_as3-vflbgr4dW.swf.

I tried adding the following to my code before loading the swf but it doesn't make any difference:

Security.allowDomain("*");
Security.allowDomain("www.youtube.com");
Security.allowDomain("youtube.com");
Security.allowDomain("s.ytimg.com");
Security.allowDomain("i.ytimg.com");

Any Help would be great.

Here's my full Wrapper class:

package be.zap.media 
{
    import flash.display.Loader;
    import flash.display.Sprite;
    import flash.events.Event;
    import flash.net.URLRequest;
    import flash.system.Security;
    import flash.system.System;

    /**
     * ...
     * @author Yens Resmann
     */
    public class ZapYoutubeVideo extends Sprite
    {
        private var ytPlayer : Object;
        private var ldr : Loader
        private static const YOUTUBE_EMBEDDED_PLAYER_URL : String = "http://www.youtube.com/v/VIDEO_ID?version=3";

        public static const PLAYER_READY : String = "playerReady";

        public static const QUALITY_SMALL : String = "small";
        public static const QUALITY_MEDIUM : String = "medium";
        public static const QUALITY_LARGE : String = "large";
        public static const QUALITY_HD720 : String = "hd720";
        public static const QUALITY_HD1080 : String = "hd1080";
        public static const QUALITY_HIGHRES : String = "highres";
        public static const QUALITY_DEFAULT : String = "default";

        public function ZapYoutubeVideo() 
        {
            Security.allowDomain("*");
            Security.allowDomain("www.youtube.com");
            Security.allowDomain("youtube.com");
            Security.allowDomain("s.ytimg.com");
            Security.allowDomain("i.ytimg.com");

            ldr = new Loader();
            ldr.contentLoaderInfo.addEventListener(Event.INIT, handleInitPlayer);
            addEventListener(Event.REMOVED_FROM_STAGE, handleRemovedFromStage);
        }

        public function initPlayer(vidId : String) 
        {
            var url : String = YOUTUBE_EMBEDDED_PLAYER_URL.split("VIDEO_ID").join(vidId);
            ldr.load(new URLRequest(url));
        }

        private function handleInitPlayer(e:Event):void 
        {
            addChild(ldr);
            ldr.contentLoaderInfo.removeEventListener(Event.INIT, handleInitPlayer);

            ldr.content.addEventListener("onReady", handlePlayerReady);
            ldr.content.addEventListener("onError", handlePlayerError);
            ldr.content.addEventListener("onStateChange", handlePlayerStageChange);
            ldr.content.addEventListener("onPlaybackQualityChange", handlePlayerQualityChange);
        }

        private function handlePlayerReady(e:Event):void 
        {
            ytPlayer = ldr.content;
            dispatchEvent(new Event(PLAYER_READY));
        }

        public function queueVideoById(videoID : String, quality : String = QUALITY_DEFAULT):void 
        {
            ytPlayer.cueVideoById(videoID, 0, quality);
        }

        public function loadVideoById(videoID : String, quality : String = QUALITY_DEFAULT):void 
        {
            ytPlayer.loadVideoById(videoID, 0, quality);
        }

        public function queueVideoByUrl(url : String, quality : String = QUALITY_DEFAULT):void 
        {
            ytPlayer.cueVideoByUrl(url, 0, quality);
        }

        public function loadVideoByUrl(url : String, quality : String = QUALITY_DEFAULT):void 
        {
            ytPlayer.loadVideoByUrl(url, 0, quality);
        }

        public function setSize(w:int, h:int):void 
        {
            ytPlayer.setSize(w, h);
        }

        private function handlePlayerError(e:Event):void 
        {

        }

        private function handlePlayerStageChange(e:Event):void 
        {

        }

        private function handlePlayerQualityChange(e:Event):void 
        {

        }

        private function handleRemovedFromStage(e:Event):void 
        {
            removeEventListener(Event.REMOVED_FROM_STAGE, handleRemovedFromStage);
            dispose();
        }

        public function dispose():void 
        {
            ytPlayer.destroy();
            if (ldr) {
                if (contains(ldr)) {
                    removeChild(ldr);
                }
                ldr = null;
            }
        }

        /**
         * parse out the Youtube Video ID from the video URL
         * @param   url
         * @return String
         */
        public static function getIdFromURL(url:String):String
        {
            var parts : Array = [];
            if (url.indexOf("watch?v=") != -1) {
                parts = url.split("watch?v=");
            } else if (url.indexOf("watch/v/") != -1) {
                parts = url.split("watch/v/");
            } else if (url.indexOf("youtu.be/") != -1) {
                parts = url.split("youtu.be/");
            }
            return String(parts[1]).split("/").join("");
        }

        /**
         * get the thumbnail of the video
         * @param String youtube Video ID
         * @return URLRequest
         */
        public static function getThumbnail(videoId : String):URLRequest
        {
            return new URLRequest("http://img.youtube.com/vi/" + videoId + "/0.jpg"); 
        }

    }

}
A: 

I don't think it's possible , look at the error messages and you should see that they mainly have to deal with the fact that YouTube hasn't updated their crossdomain policy file and doesn't specify a meta policy. here's their policy file:

 <!-- http://www.youtube.com/crossdomain.xml --> 
 <!DOCTYPE cross-domain-policy 
  SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"&gt; 
 <cross-domain-policy> 
  <allow-access-from domain="*.youtube.com" /> 
  <allow-access-from domain="s.ytimg.com" /> 
 </cross-domain-policy>

They need to add a line like this:

 <site-control permitted-cross-domain-policies="all"/>
PatrickS  2010-09-24 09:07:17
So API is acutally pretty unless they update this policy file?
yens resmann  2010-09-24 10:13:45
well, it's working actually , these errors are mostly warnings that the policy file should be updated. it's annoying but there isn't much one can do about it
PatrickS  2010-09-24 16:43:44
Most of this Errors are warnings indeed. If this was the case, I wouldn't mind that much but the error I'm talking about makes Firefox + FP10.1 Crash for some reason.
yens resmann  2010-09-25 08:13:03
I don't think a security error would provoke a crash, at the worst you wouldn't be able to access content. I'm actually developing with the YT AS3 API as we speak, I had a few crashes today and re-installing Flash Player solved the issue.
PatrickS  2010-09-25 08:23:19
The crashes I have are caused by the new way of handeling plugin errors by Firefox 3.6.10 If you have installed Firefox 3.6.10 and the Flash Player 10.1 Debug player, every Runtime Error in Flash causes Firefox to crash. You can fix this by changing 2 values in the about:config file: http://nwebb.co.uk/blog/?p=538
yens resmann  2010-09-27 12:06:49
so it's not YouTube related, good to know either way...thanks for posting the info!
PatrickS  2010-09-27 15:06:36
wasn't able to replicate the crashes. i have firefox 3.6.10 with flash player debug MAC 10,1,85,3
PatrickS  2010-09-28 04:28:24
hm then it's probably a Windows 7 issue. maybe I should consider using a mac :p
yens resmann  2010-09-28 08:33:21

related questions

Are there any good programs for actionscript/flex that'll count lines of code, number of functions, files, packages,etc...
Drawing a custom label on a pie chart in Yahoo's Flash Library ASTRA
Is there a way to render svg data in a swf at runtime?
How can I resize a swf during runtime to have the browser create html scrollbars?
FLVPlayback component memory issues
Create an EXE from a SWF using Flex 3 without requiring AIR?
What are the naming conventions of an AS3 class?
How To Get Label Of Combobox to Fade In Flex
Best Practices for AS3 XML Parsing
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Flex: does painless programmatic data binding exist?
How do I restyle an Adobe Flex Accordion to include a button in each canvas header?
Deleting / Replacing A Node in E4X (AS3 - Flex)
Printing Flex components in FireFox 3
ActionScript 3.0 sockets can't reconnect
Is it possible to add behavior to a non-dynamic ActionScript 3 class without inheriting the class?
How do I get rid of the "multiple describeType entries" warning?
Open local file with AIR / Flex
Flex / Air obfuscation
Adobe Flex component events
Can you access the windows registry from Adobe Air?
Actionscript 3 - Fastest way to parse yyyy-mm-dd hh:mm:ss to a Date object?
Adobe Air - Using multiple SQLite databases at once
Adobe air - SQLStatement.execute() - Multiple queries in one statement
Unloading a ByteArray in Actionscript 3.