loading swf from AmazonS3 - crossdomain policy
https://stackoverflow.com/questions/2332856
-
22-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have a flash app sitting in domainA which needs to load a swf which comes from an Amazon S3 bucket.
On load I get the following error. "Error #2044: Unhandled securityError:. text="
I have put a crossdomain file in the bucket and presumed that would do the trick. How can i fix this?
Solution
You can access S3 using bucket name DNS. So instead of s3.amazon.com/bucketname/filename it is bucketname.s3.amazon.com/filename. Using this method you can put your own crossdomain file in a root path
<allow-access-from domain="bucketname.s3.amazonaws.com" />
The better method is to use CNAME records on your DNS server to fake the root for your crossdomain file. e.g.
Make a CNAME record on your DNS server to point bucketname.yourdomainname.com to bucketname.s3.amazon.com
And then put your crossdomain file in that buckets root
<allow-access-from domain="bucketname.yourdomainname.com" />
And refer to flash files as bucketname.yourdomainname.com/flash.swf etc
OTHER TIPS
Loading swf files is not exactly the same as loading data. So you may need more than just crossdomain.xml. To see where it looks for the crossdomain.xml file, I'd recommend using a "sniffing" tool (like httpfox) to see where the Flash Player is looking for the file.
To allow swf from different domains to interact, you also need to call Security.allowDomain. See the adobe docs on cross-scripting for details.
Your crossdomain file needs to be on the server with the flash app that's doing the loading, not with the files its loading in. Then you specify the S3 domain as an allowed domain.
<allow-access-from domain="s3.amazonaws.com" />
Edit: Ok, I'm officially confused.
It appears JB is right in his comment about me having it the wrong way round. From here:
Whenever Flash Player 7 detects an out-of-domain data-loading request, the player tries to find a policy file on the server from which it attempts to load data. If a policy file exists and it grants access to the origin domain of the Flash movie making the request, then the operation succeeds.
However, we do this exact thing (load images into a flash component from a remote Amazon server) on one of our client web sites, yet our crossdomain.xml file is in the root of the loading web server—the Amazon buckets don't contain any policy files.
So how does our site work? According to the documentation, it shouldn't!
Edit 2
As per Wouter's comment, what I am doing is a special case which explains why it works for me even though my crossdomain files are in the wrong place...
