I have a SWF file which is on, suppose, myserver1.com/my.swf, and I have a cross-domain file:

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*.imageDomain1.com" />
<allow-access-from domain="*.AnotherimageDomain1.com" />
<allow-access-from domain="*.imageDomain2.com" />
</cross-domain-policy>

The ActionScript code is:

Security.loadPolicyFile("http://myserver1.com/crossdomain.xml");
var context:LoaderContext = new LoaderContext();
context.checkPolicyFile = true;

// The following is working (SESSION 1)
var request:URLRequest = new URLRequest('http://img.imageDomain1.com/firstImage.jpg');
var loader:Loader = new Loader();
loader.load(request, context);

// The following is not working (SESSION 2)
var request1:URLRequest = new URLRequest('http://img.AnotherimageDomain1.com/firstImage.jpg');
var loader1:Loader = new Loader();
loader1.load(request1, context);

I don't know what happened. When I use Firebug, the SWF is looking for http://img.imageDomain1.com/crossdomain.xml, and it is present there. But http://img.AnotherimageDomain1.com/crossdomain.xml is not there (I can't put any crossdomain file there, because I don't have any access).

The issue is that the image from (SESSION 1) is resizing and the image from (SESSION 2) is not resizing on the COMPLETE event.

Please help me!!!

coderex

1 Answer

If you do not have access to http://img.AnotherimageDomain1.com/, then you will never be able to put a crossdomain.xml there.
It is thus to be expected that your current solution will not be able to cope with the sandbox problem.

The solution is that you will need to create a proxy.
The proxy should be made available at the public root of http://img.imageDomain1.com/, being the domain you DO have access to.

Since the proxy will run in the same domain as your application, it will act as a go-between to provide your application with data from outside its own domain, thus effectively circumventing the sandbox.

Keep in mind though that you should make your proxy restrictive or your site might become vulnerable to XSS attacks.

Cheers

Dennis Jaamann
  • Good answer Dennis, but perhaps you meant to say "The proxy should be made available at http://img.imageDomain1.com" rather than "The proxy should be made available at http://img.imageDomain1.com/crossdomain.xml"? In other words, the proxy needs to run on a server where you can put a crossdomain.xml, or on the same domain as the swf is loaded from (no crossdomain.xml needed). – Lars Blåsjö Jun 17 '11 at 14:36
  • @Lars, indeed you are right. Should have used CPD on this one :p – Dennis Jaamann Jun 17 '11 at 14:41
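
As an added example (not code from the question or the answer), these are the checks a restrictive image proxy could apply before relaying anything: an exact-host allowlist, refused redirects, and an image-only content type with a size cap. The choice of Python, the names such as `ALLOWED_HOSTS`, and the limits are assumptions.

```python
# Added example; the policy values below are assumptions, not from the post.
import urllib.request
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"img.anotherimagedomain1.com"}  # exact hosts, no wildcards
ALLOWED_TYPES = {"image/jpeg", "image/png", "image/gif"}
MAX_BYTES = 5 * 1024 * 1024  # assumed size cap


class Rejected(Exception):
    """The request or the upstream response violates the proxy policy."""


def validate_target(url):
    """Return the URL if the proxy may fetch it, otherwise raise Rejected."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        raise Rejected("malformed URL") from None
    if parts.scheme not in ("http", "https"):
        raise Rejected("scheme not allowed")
    # hostname is the parsed host, so "allowed@other-host" cannot pass
    if (parts.hostname or "").lower() not in ALLOWED_HOSTS:
        raise Rejected("host not allowed")
    if port not in (None, 80, 443):
        raise Rejected("port not allowed")
    return url


def check_response(content_type, body):
    """Return the headers to relay, or raise Rejected if not a small image."""
    mime = content_type.split(";")[0].strip().lower()
    if mime not in ALLOWED_TYPES:
        raise Rejected("not an image type")  # never relay HTML or SWF
    if len(body) > MAX_BYTES:
        raise Rejected("response too large")
    return {"Content-Type": mime, "X-Content-Type-Options": "nosniff"}


class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # refuse redirects: they could lead off the allowlist


def fetch_image(url):
    """Fetch one allowlisted image; return (headers, body) for relaying."""
    opener = urllib.request.build_opener(NoRedirect)
    with opener.open(validate_target(url), timeout=5) as resp:
        body = resp.read(MAX_BYTES + 1)
        return check_response(resp.headers.get("Content-Type", ""), body), body
```

The proxy endpoint would call `fetch_image` with the requested URL and answer any `Rejected` with an error status instead of relaying upstream content.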