CODEWITHSUNDEEP
flashactionscript-3facebook
John Himmelman
John Himmelman

Reputation: 22010

Flash / Facebook - Dynamically adding cross domain policy to SWF?

We're building an app that loads a user's photos from facebook. It seems facebook hosts these images across multiple hosts. Is it possible to dynamically add a cross domain policy, after a Security sandbox violation has occurred?

For example...

try
{
    // Load the photo passed from the js method
}
catch (SecuritySandboxViolation Exception:e)
{       
    /*

    Transform the exception message which contains the host url from...

    "security error: Error #2048: Security sandbox violation: http://canvas-app.domain.com/SWF.swf cannot load data from security error: Error #2048: Security sandbox violation: http://facebook.tombstone.com/halloween-party-kit/GI_2011_09_TOMBSTONE_SPOOKIFY.swf cannot load data from https://s-hphotos-sjc1.fbcdn.net/229411_989116685126_5519474_47232933_4376850_n.jpg.22421_989116685126_5519474_47232933_4376850_n.jpg."

    to...

    https://s-hphotos-sjc1.fbcdn.net    

    */

    var host = e.getMessage();

    // *magical string transformation*

    Security.loadPolicyFile(host)
}

Upvotes: 2

Views: 1312

Answers (2)

Jacob Eggers
Jacob Eggers

Reputation: 9332

If facebook hasn't put a crossdomain on their site, loadPolicyFile won't work.

However, what are you using to load the images? Usually, you don't need crossdomain.xml if you only want to display images.

Edit

https://s-hphotos-sjc1.fbcdn.net has a permissive crossdomain, so the problem seems to be in how the image is being loaded. Try setting LoaderContext.checkPolicyFile = true for the Loader.

Upvotes: 2

user562566
user562566

Reputation:

What's more likely the issue, is that within your SWF that is embedded in or actually is the app, you are not defining your own crossdomain policy. You need to do this either explicitly with AS3 code or put up a crossdomain policy on your own domain, the domain that is hosting your SWF file. Facebook is probably being restricted in what it can do with your SWF when it loads it, because of a lack of specification within your policy file, or it's missing all together. Remember the direction of things. You're not loading facebook with your SWF, facebook is loading your SWF. (Note also that Jacobs answer is correct too).

Upvotes: 1

Related Questions