I've just tried our app in Flash Player 10, and we're hitting
SecurityError #2048 when attempting to load through URLStream from a
different domain. We do load the policy file first:
Security.loadPolicyFile("http://example.com:8080/foo/crossdomain.xml";);
Our cross-domain.xml file is open:
<?xml version="1.0"?>
<!DOCTYPE
cross-domain-policy
SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd";>
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*" />
</cross-domain-policy>
We have not had any problems in Flash Player 9 in Firefox, and, oddly
enough, our app works fine on Flash Player 10 in Opera.
I've started looking at security changes, and our crossdomain.xml is
*not* at the root of the domain and we do *not* have a meta-policy file,
so I assume that could be an issue. I find it really odd that this still
works in Opera, however.
I've started reading through the (rather extensive)
http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes_02.html#head1
and http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html
but I wanted to ask if there's anything else I should know, and if anyone has
any insights on the Opera Flash Player 10 behavior.
Thanks,
--
Maciek Sakrejda
Truviso, Inc.
http://www.truviso.com
