Hi guys,
I've been running into a problem with the SecurityError that stops a swf loading data from a URL on another server.
What I'm trying to do:
I'm trying to make a request to the StumbleUpon REST API from flash. Basically I'm using URLLoader and requesting like this:
Testing on local, everything works. Once it's on the remote server however, I get the 2048 error:Code:var req:URLRequest = new URLRequest( "http://www.stumbleupon.com/services/1.01/badge.getinfo?url=http://www.myurl.com/"); // set the the URL Loader if ( this.m_loader == null ) { this.m_loader = new URLLoader; this.m_loader.addEventListener( Event.COMPLETE, this._onComplete ); this.m_loader.addEventListener( HTTPStatusEvent.HTTP_STATUS, this._onHTTPStatus ); this.m_loader.addEventListener( IOErrorEvent.IO_ERROR, this._onIOError ); this.m_loader.addEventListener( SecurityErrorEvent.SECURITY_ERROR, this._onSecurityError ); } // get the data this.m_loader.load( req );
So first things first, I check to see if StumbleUpon has a crossdomain.xml file. They do, and it's this:Code:Error: [SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2048: Security sandbox violation: http://divillysausages.com/flash/Share.swf cannot load data from http://www.stumbleupon.com/services/1.01/badge.getinfo?url=http://divillysausages.com."]
Next, I enable proxy logging to see if it's being loaded alright. I get this:Code:<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="www.stumbleupon.com" /> <allow-access-from domain="*.stumble.net" /> <allow-access-from domain="stumble.net" /> <allow-access-from domain="*.stumbleupon.com" /> <allow-access-from domain="stumbleupon.com" /> <allow-access-from domain="cdn.stumble-upon.com" /> </cross-domain-policy>
OK, fair enough, there was a warning that the meta-policy wasn't specified, but the policy file was accepted all the same. Still no joy however.Code:OK: Root-level SWF loaded: http://divillysausages.com/flash/Share.swf OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at http://www.stumbleupon.com/services/1.01/badge.getinfo?url=http://divillysausages.com by requestor from http://divillysausages.com/flash/Share.swf Warning: Domain www.stumbleupon.com does not specify a meta-policy. Applying default meta-policy 'master-only'. This configuration is deprecated. See http://www.adobe.com/go/strict_policy_files to fix this problem. OK: Policy file accepted: http://www.stumbleupon.com/crossdomain.xml Error: Request for resource at http://www.stumbleupon.com/services/1.01/badge.getinfo?url=http://divillysausages.com by requestor from http://divillysausages.com/flash/Share.swf is denied due to lack of policy file permissions.
After doing *a lot* of reading, I came across this url http://www.thecosmonaut.com/2008/08/...-policy-files/ that says (it deals with flash 9):
"Flash 9 will only accept policy files of the following content-types:
- text/* (any text type)
- application/xml or application/xhtml+xml"
Using Charles, I took a look at the crossdomain.xml file that was being served up, and the Mime-type and Content-type of the xml file weren't set. Perhaps that means nothing; after all, the policy logging said that the file was accepted.
So, at the end, after spending about 4hrs this evening looking at posts, documenation, forum threads etc., I still can't get this data to load. It *will* load when I test the SWF locally, and I also tested the Facebook Graph API using this code (both locally and on the server) and that worked, which makes me think the problem is in the crossdomain.xml file of StumbleUpon.
Has anyone else come across this? Have you any ideas? Something else I could try (aside from creating a proxy through my server - the idea is that the code should work from anywhere)?
Thanks
A Flash Developer Resource Site
Reply With Quote
