actionscript callback() function - URLRequest() causes “Security Sandbox Violation”

Question

* Security Sandbox Violation *

SecurityDomain 'http://loadimage.my.com' tried to access incompatible context 'http://my.com/My.swf'

I am loading an jpg image file in actionscript.

In the callback function I want to addChild, but an "Security Sandbox Violation" is displayed.

public function preloadAll() {
    ...
    // call preLoad with callback function
    preLoad(function (slide:Slide):void{
        // 
        // loading this url causes the error *** Security Sandbox Violation ***
        //
        var url:String = "http://my.com/My.swf";
        var urlReq:URLRequest = new URLRequest(url); 
        var loader:Loader = new Loader() 
        loader.load(urlReq); 
        slide.image.addChild(loader);
    });
    ...
}


public function preLoad(callback: Function = null) : void {
    this.url = "http://image.my.com/cache/Picture_001.jpg"

    var self:Slide = this;
    this.image.addEventListener(Event.COMPLETE, function() : void {
            // callback when image completes loading
            callback(self);
    });

    this.image.load(this.url);
}    

http://my.com/crossdomain.xml
<?xml version="1.0" ?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="*"/>
  <allow-access-from domain="" />
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

Answer 1

I'm not sure exactly what you're trying to do inside the code for image, but my guess is that you're trying to access the loader's content, which is obviously a security violation since the SWF is being loaded from a different domain.

There are two ways to access the content of a SWF that has been loaded from a different domain:

1. Load the SWF in the "current" security domain
2. Use Security.allowDomain() in the loaded SWF

More details here:

https://stackoverflow.com/a/9547996/579230