Question

I have a swf on one server that is pulling content from an Amazon S3 server. I have set up, for now, a generic cross-domain policy to allow all domains access:

On the server containing the swf:

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM
  "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="*" />
</cross-domain-policy>

On the S3 server:

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM
  "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only" />
  <allow-access-from domain="*" />
  <allow-http-request-headers-from domain="*" 
    headers="SOAPAction" />
</cross-domain-policy>

These seem to be playing nicely (for the most part), as my swf is loading json, xml, etc. files from the S3 server just fine now. What it's not doing right is loading swfs from the S3 server; when it tries to do that, it throws this exception:

SecurityError: Error #2121: Security sandbox violation: Loader.content: s3.amazonaws.com/bucket_name/swfs/foo.swf cannot access s3.amazonaws.com/bucket_name/data/swfs/bar.swf. This may be worked around by calling Security.allowDomain.

I assume this is because remote swfs could contain malicious executable code. Do I actually need to set the allowDomain to something or is there some other 'more correct' way of allowing my swf to load up other remote swfs?


Solution

I've answered a similar question here:

https://stackoverflow.com/a/9547996/579230

In addition, if your crossdomain.xml is in place, you can just do loaderContext.checkPolicyFile = true instead of loading the file explicitly.

OTHER TIPS

Make sure you're using the bucket name as the subdomain for both the Policy file loading, and every file / URL request.

Solution:

http://onegiantmedia.com/cross-domain-policy-issues-with-flash-loading-remote-data-from-amazon-s3-cloud-storage
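
An added example (not code from the question or the answers): a small Python check for the two points on this page, the wildcard grants in the posted policy files and the tip about using the bucket name as the subdomain everywhere. The function names and the two sample URLs are assumptions built from the `bucket_name` placeholder in the error message.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the S3-side policy exactly as posted in the question.
S3_POLICY = """<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM
  "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only" />
  <allow-access-from domain="*" />
  <allow-http-request-headers-from domain="*" headers="SOAPAction" />
</cross-domain-policy>"""

# Constructed sample URLs: one virtual-hosted-style, one path-style (from the error text).
POLICY_URL = "http://bucket_name.s3.amazonaws.com/crossdomain.xml"
REQUESTS = [
    "http://bucket_name.s3.amazonaws.com/data/config.json",
    "http://s3.amazonaws.com/bucket_name/data/swfs/bar.swf",
]


def audit_policy(xml_text):
    """Return findings for wildcard grants in one crossdomain.xml document."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings = []
    for el in root.iter("allow-access-from"):
        domain = el.get("domain", "")
        if domain == "*":
            findings.append("allow-access-from: any domain may read responses")
        elif domain.startswith("*."):
            findings.append(f"allow-access-from: every subdomain of {domain[2:]}")
    for el in root.iter("allow-http-request-headers-from"):
        if el.get("domain") == "*":
            findings.append("allow-http-request-headers-from: any domain may send "
                            + el.get("headers", ""))
    return findings


def hosts_not_covered(policy_url, request_urls):
    """List requests whose host differs from the host that served the policy.

    Compares host names only; a policy file applies to the host it came from.
    """
    policy_host = urlsplit(policy_url).hostname
    return [u for u in request_urls if urlsplit(u).hostname != policy_host]


if __name__ == "__main__":
    for line in audit_policy(S3_POLICY) + hosts_not_covered(POLICY_URL, REQUESTS):
        print(line)
```

Run it only on policy files you control; for XML from an untrusted source, use a hardened parser such as defusedxml instead of the standard-library one.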

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow