Roughly speaking:

 

AppDom/SecDom are for ActionScript code/classes.

crossdomain.xml allows you to import code/classes into the same
SecDom/AppDom so you can use the classes; otherwise you end up in a
separate sandbox.

All instances of things in a separate sandbox are off-limits, and cannot
access you either.

crossdomain.xml also allows you to access the display area of
displayobjects and image data because it effectively imports that thing
into your sandbox.

AllowDomain permits code in another sandbox to touch things in your
sandbox.

 

There is a "security white paper" on adobe.com that tries to explain all
of this.  The idea is that you cannot use Flash as a screenscraper of
other flash content or image data w/o permission of the server owner for
both spoofing and server load reasons.  And, of course, you don't want
to accidentally load bad code and have it steal stuff from you.

 

Flickr used to have crossdomain.xml files in the correct places, but
pulled them for some reason.  I think if you google around you'll find
out why.  So suddenly, they've made flash apps harder and proxy servers
are needed.

 

HTH,

-Alex

 

 

 

________________________________

From: [email protected] [mailto:[EMAIL PROTECTED] On
Behalf Of Jurgen Beck
Sent: Saturday, May 26, 2007 5:14 AM
To: [email protected]
Subject: Re: {Disarmed} RE: [flexcoders] Flickr - Issue with
LoaderContext

 

I had this working for the most part, retrieving and displaying the images
from Flickr, but BitmapData.draw was always throwing a security sandbox
violation when I needed to hide the canvas the Flickr images were
displayed in. Karl Johnson has written more about it here:

http://www.cynergysystems.com/blogs/page/karljohnson?entry=working_around_security_sandbox_errors

The problem is that the crossdomain.xml is at
http://api.flickr.com/crossdomain.xml, but the actual images are
pulled from http://farm1.static.flickr.com/ ... So running the app, I am
seeing an error:

Failed to load policy file from
http://farm1.static.flickr.com/crossdomain.xml

We're obviously not loading the crossdomain.xml from the right place, as
there is no crossdomain.xml at that location.

Next, I looked closer at James Ward's example of using Ely's
DisplayShelf component to retrieve images from Flickr:

http://www.jamesward.org/wordpress/2006/11/06/flex-widgets-from-widgetslive/

The AppDom and SecDom approach is taken from Ely's DisplayShelf
component, where he uses it with the SWFLoader. May not be needed for
images, I simply just left it in there.

I've taken a second look at James's write-up and he's posted a follow-up
in the comment section on April 20, 2007 where he's showing a proxy
setup to get around the issues at hand. His example wouldn't work either
until the proxy setup was in place.

This may be what I have to do as well. It's just amazing to me that
there is no unified approach to this. I agree with you, either you have
access permission to the images, or you don't. 

Jurgen

Alex Harui wrote: 

        I'm not clear that AppDom and SecDom affect loading images (JPG,
        GIF, etc).  You either have permission from the crossdomain.xml at
        flickr.com or you don't.

        You can almost always load it, you just can't always access its
        pixels.

         

        
________________________________


        From: [email protected]
[mailto:[EMAIL PROTECTED] On Behalf Of Jurgen Beck
        Sent: Friday, May 25, 2007 3:34 PM
        To: [email protected]
        Subject: [flexcoders] Flickr - Issue with LoaderContext

         

        I'm running into security sandbox violation issues trying to load
        images from a Flickr account.

        Since the Image component derives from SWFLoader I am setting the
        LoaderContext before the image source is assigned. The image
        component is used inside my custom component, which in turn is used
        as an itemRenderer in a TileList.
        
        Here is the image component code fragment:
        
        <mx:Image id="imgThumbnail"
            source="{data.url}"
            initialize="imageInit()"
            width="75" height="75"/>

        Here is my imageInit() method:

        // loaderContext is assumed to be a field declared elsewhere in the component.
        private function imageInit():void {
            loaderContext = new LoaderContext();
            loaderContext.applicationDomain = ApplicationDomain.currentDomain;
            loaderContext.securityDomain = SecurityDomain.currentDomain;
            // Ask the player to fetch a policy file from the image's own host before loading.
            loaderContext.checkPolicyFile = true;
            imgThumbnail.loaderContext = loaderContext;
        }
        
        I've traced through the processes and the LoaderContext is definitely
        in place before the image source gets assigned, so I should be good.
        However, the application is still returning a security sandbox
        violation error stating that the connection to
        http://farm1.static.flickr.com/... was halted - not permitted from
        [my server].
        
        This obviously should be working fine. Looking through Ely's
        DisplayShelf component, there are no such issues. So the question is
        what else is missing.
        
        Anyone with some thoughts?
        
        Thanks,
        
        Jurgen
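
The policy-file scoping discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of when a crossdomain.xml grants pixel access, showing why a policy on api.flickr.com does not cover images on farm1.static.flickr.com and why a same-origin proxy does. The host myserver.example, the image path and the permissive policy body are constructed; matching is simplified and ignores the `secure` and `to-ports` attributes and meta-policies.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

def origin(url):
    """(scheme, host, port) of a URL, with default ports filled in."""
    u = urlsplit(url)
    return (u.scheme, (u.hostname or "").lower(), u.port or {"http": 80, "https": 443}.get(u.scheme))

def default_policy_url(resource_url):
    """Default lookup location: /crossdomain.xml on the resource's own host."""
    u = urlsplit(resource_url)
    return f"{u.scheme}://{u.netloc}/crossdomain.xml"

def policy_covers(policy_url, resource_url):
    """A policy file speaks only for the origin it was served from,
    and only for paths at or below its own directory."""
    if origin(policy_url) != origin(resource_url):
        return False
    policy_dir = urlsplit(policy_url).path.rsplit("/", 1)[0] + "/"
    return urlsplit(resource_url).path.startswith(policy_dir)

def requester_allowed(policy_xml, requester_host):
    """Simplified allow-access-from matching: '*', '*.suffix' or exact host."""
    host = requester_host.lower()
    for rule in ET.fromstring(policy_xml).iter("allow-access-from"):
        pattern = rule.get("domain", "").lower()
        if pattern in ("*", host):
            return True
        if pattern.startswith("*.") and host.endswith(pattern[1:]):
            return True
    return False

def can_read_pixels(swf_url, resource_url, policies):
    """policies maps policy-file URL -> XML text, or None if the fetch failed."""
    if origin(swf_url) == origin(resource_url):
        return True  # same origin, e.g. the image is served through your own proxy
    requester = origin(swf_url)[1]
    return any(xml and policy_covers(url, resource_url) and requester_allowed(xml, requester)
               for url, xml in policies.items())

# Constructed sample data: permissive policy on the API host, none on the image host.
API_POLICY = '<cross-domain-policy><allow-access-from domain="*"/></cross-domain-policy>'
POLICIES = {"http://api.flickr.com/crossdomain.xml": API_POLICY,
            "http://farm1.static.flickr.com/crossdomain.xml": None}  # failed to load
SWF = "http://myserver.example/app.swf"                # hypothetical app host
IMAGE = "http://farm1.static.flickr.com/1/sample.jpg"  # constructed image path
```
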

 
