One thing to keep in mind is that crossdomain policies are designed as a one-way contract where Flash honors the principle of least privilege. It is highly unlikely that Yahoo enforces this policy within its web services... so proxying requests could be an option and should be explored before throwing up the white flag.
Rick Winscot On 12/3/08 12:20 AM, "Nate Beck" <[EMAIL PROTECTED]> wrote: > > > > If you look at the cross-domain file deployed on the yahoo site, it's not open > unless you are hosting from one of their domains: > > http://download.finance.yahoo.com/crossdomain.xml > <?xml version="1.0"?> > <!DOCTYPE cross-domain-policy > SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd";> > <cross-domain-policy> > <allow-access-from domain="*.yahoo.com <http://yahoo.com> " secure="false" > /> > <allow-access-from domain="*.yimg.com <http://yimg.com> " secure="false" /> > </cross-domain-policy> > http://finance.yahoo.com/crossdomain.xml > > <?xml version="1.0"?> > <cross-domain-policy> > <allow-access-from domain="*.yahoo.com <http://yahoo.com> " /> > <allow-access-from domain="us.js2.yimg.com <http://us.js2.yimg.com> " /> > </cross-domain-policy> > > So unless your flex app is being hosted from any yahoo.com <http://yahoo.com> > domain or yimg.com <http://yimg.com> domain, you will be denied access to the > data. > > HTH, > Nate > > On Tue, Dec 2, 2008 at 7:09 PM, Kevin <[EMAIL PROTECTED]> wrote: >> >> >> >> I have a Flex application that reads stock data from >> download.finance.yahoo.com <http://download.finance.yahoo.com/> , which >> takes various parameters and returns CSV formatted text. This is the site I >> used as a reference. (http://www.gummy-stuff.org/Yahoo-data.htm >> <http://www.gummy-stuff.org/Yahoo-data.htm> ). >> >> I have been hoping to improve upon an old classic ASP application that relies >> on a data file created nightly by a service that runs on one of our servers. >> I'd prefer to go right to the Yahoo source with the Flex application. >> >> The application runs on my desktop when accessed from the file system, but >> fails with a security error when I run it from a Web server. I suspect the >> issue may be a cross-domain issue, but I've read elsewhere on the Internet >> that Yahoo has a cross-domain file set up for that feed. Could I have been >> mislead by the Internet!? >> >> I've put this application with view source enable on my personal Website >> <http://www.frontlinewebdev.com/StockQuotes/StockQuoteDisplay.html> in case >> anyone can look at it and advise me about getting it working. I will >> appreciate any help that can be offered. >> >> Thanks, >> Kevin >> >> >> > > >
