Security Sandbox Violation

[AdrianaBaron]

Hi

I have an app with the following characteristics:

 

a. Developed in flex

b. need to load videos from another server.

c. have my videoloader like this: LoaderMaxA[LoaderMaxB[VideoLoader]]

 

The following is happening:

 

* If i DONT use the VideoLoader, and on the contrary load the video by sending the url directly to a videoplayer of flex, the video load without any issue

* If I load the video using the VideoLoader there is a Security sandbox violation like this:

 Error #2048: Security sandbox violation: http://www.xxx.InterfaceModules.swf cannot load data from http://xxx.transition_city.mp4.

 

my cross domain policy is:

<?xml version="1.0"?>
br />"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

 

and how I am accessing the content from the loader is like this:

 

//In some class I have
public var assets:LoaderMax;
//In other class I access to those assets (which are VideoLoader, SwfLoader, etc) and access "main" which is the loader for a video

vl= a.assets.getLoader("main");
this.videoHolder.addChild(vl.content);
vl.addEventListener(VideoLoader.VIDEO_COMPLETE,onVideoComplete);

//For the video to play again
vl.gotoVideoTime(0, true);

 

Do you have any idea as to what is this happening and how to fix it? I would greatly appreciate it ...

[GreenSock]

Did you set checkPolicyFile:true on your VideoLoader (in the vars parameter)?

 

If you're still having trouble, it would be super, amazingly, fantabulously helpful if you could send me a simple Flex app that demonstrates the issue. The simpler the better. I'd like to see the VideoLoader version as well as the straight-up Flex video player version (the one that you said works with the same URL). I'm sure we can get it figured out.

[AdrianaBaron]

I didnt do that but I just did and It doesnt work either

I will try to replicate the same issue with a simple example...

[AdrianaBaron]

Here is the code of the file it dint allowed me to upload it !!! either toobig or the fxp is not supported... This "http://someVideo url" should be changed to some video on the net

<?xml version="1.0" encoding="utf-8"?>
		   xmlns:s="library://ns.adobe.com/flex/spark" 
		   xmlns:mx="library://ns.adobe.com/flex/mx" minWidth="900" minHeight="600"  viewSourceURL="srcview/index.html">

 

This is an example, the Logger.xxx you can change for trace... the environment I'm testing is using XAMPP and I put it on the htdocs...

[AdrianaBaron]

Hey I found the answer to that... The situation is :

 

Server A: Has the swf calling the source of an external server, and it has the cross domain policy file

Server B: that has the video but no cross domain policy file

 

When I put on server B the cross domain policy file, that worked...

 

I thought it should work only by putting the crossdomain policy file on the Server where I have the swf meaning in this case Server A..

Do you know why does this happens?

 

Thank you

[GreenSock]

Ah yes, that makes perfect sense. That's how crossdomain.xml files work - they must be on the REMOTE server (server , not the one from which the swf is being served. Kinda makes sense if you think about it - think about if you owned the content on server B and some other developer was ripping you off by displaying your video on their site. Flash just wants to make sure that server B has granted permission, that's all. See what I mean?

 

What really confuses me is that you said Flex played it fine when you didn't use VideoLoader - was that right? Even without a crossdomain.xml file there? It certainly shouldn't have worked.

[AdrianaBaron]

Yes thats right!! It worked without the loader, I think that when using the Flex component, the component just displays the content but it doesnt access the data therefore displaying the content does not have any effect on security violation, so maybe I believe the loader its accessing not only the content but the data of the file therefore there is the security violation... Thats the only explanation I can think of...

 

I dont know...