All true. Seeing that there really is no alternative other than using a
proxy server, I implemented a solution that seems to be working for this
specific application.
I ended up using at32.com ReverseProxy (http://www.at32.com), which is
for Windows. As long as the reverse proxy is bound to the IP address
that the Flex application is running on not even a crossdomain.xml is
needed.
Hope this helps someone else.
Jurgen
Alex Harui wrote:
Roughly speaking:
AppDom/SecDom are for ActionScript code/classes.
crossdomain.xml allows you to import code/classes into the same
SecDom/AppDom so you can use the classes, otherwise you end up in a
separate sandbox
All instances of things in a separate sandbox are off-limits, and
cannot access you either.
crossdomain.xml also allows you to access the display area of
displayobjects and image data because it effectively imports that
thing into your sandbox
AllowDomain permits code in another sandbox to touch things in your
sandbox
There is a "security white paper" on adobe.com that tries to explain
all of this. The idea is that you cannot use Flash as a screenscraper
of other flash content or image data w/o permission of the server
owner for both spoofing and server load reasons. And, of course, you
don't want to accidentally load bad code and have it steal stuff from you.
Flickr used to have crossdomain.xml files in the correct places, but
pulled them for some reason. I think if you google around you'll find
out why. So suddenly, they've made flash apps harder and proxy
servers are needed.
HTH,
-Alex
------------------------------------------------------------------------
*From:* [email protected] [mailto:[EMAIL PROTECTED]
*On Behalf Of *Jurgen Beck
*Sent:* Saturday, May 26, 2007 5:14 AM
*To:* [email protected]
*Subject:* Re: {Disarmed} RE: [flexcoders] Flickr - Issue with
LoaderContext
I had this working for most part, retrieving and displaying the images
from Flickr, but BitmapData.draw was always throwing a security
sandbox violation when I needed to hide the canvas the Flickr images
were displayed in. Karl Johnson has written more about it here:
http://www.cynergysystems.com/blogs/page/karljohnson?entry=working_around_security_sandbox_errors
<http://www.cynergysystems.com/blogs/page/karljohnson?entry=working_around_security_sandbox_errors>
The problem is that the crossdomain.xml is at
http://api.flickr.com/crossdomain.xml
<http://api.flickr.com/crossdomain.xml>, but the actual images are
pulled from http://farm1.static.flickr.com/
<http://farm1.static.flickr.com/>... So running the app, I am seeing
an error:
Failed to load policy file from
http://farm1.static.flickr.com/crossdomain.xml
<http://farm1.static.flickr.com/crossdomain.xml>
We're obviously not loading the crossdomain.xml from the right place,
as there is no crossdomain.xml at that location.
Next, I looked closer at James Ward's example of using Ely's
DisplayShelf component to retrieve images from Flickr:
http://www.jamesward.org/wordpress/2006/11/06/flex-widgets-from-widgetslive/
<http://www.jamesward.org/wordpress/2006/11/06/flex-widgets-from-widgetslive/>
The AppDom and SecDom approach is taken from Ely's DisplayShelf
component, where he uses it with the SWFLoader. May not be needed for
images, I simply just left it in there.
I've taken a second look at Jame's write-up and he's posted a
follow-up in the comment section on April 20, 2007 where he's showing
a proxy setup to get around the issues at hand. His example wouldn't
work either until the proxy setup was in place.
This may be what I have to do as well. It's just amazing to me that
there is no unified approach to this. I agree with you, either you
have access permission to the images, or you don't.
Jurgen
Alex Harui wrote:
I'm not clear that AppDom and SecDom affect loading images (JPG, GIF,
etc). You either have permission from the crossdomain.xml at
flickr.com or you don't.
You can almost always load it, you just can't always access its pixels.
------------------------------------------------------------------------
*From:* [email protected]
[mailto:[EMAIL PROTECTED] *On Behalf Of *Jurgen Beck
*Sent:* Friday, May 25, 2007 3:34 PM
*To:* [email protected]
*Subject:* [flexcoders] Flickr - Issue with LoaderContext
I'm running into security sandbox violation issues trying to load images
from a Flickr account.
Since the Image component derives from SWFLoader I am setting the
LoaderContext before the image source is assigned. The image component
is used inside my custom component, which in turn is used as an
itemRenderer in a TileList.
Here is the image component code fragment:
<mx:Image id="imgThumbnail"
source="{data.url}"
initialize="imageInit()"
width="75" height="75"/>
Here is my imageInit() method:
private function imageInit():void {
loaderContext = new LoaderContext();
loaderContext.applicationDomain =
ApplicationDomain.currentDomain;
loaderContext.securityDomain =
SecurityDomain.currentDomain;
loaderContext.checkPolicyFile = true;
imgThumbnail.loaderContext = loaderContext;
}
I've traced through the processes and the LoaderContext is definitely in
place before the image source gets assigned, so I should be good.
However, the application is still returning a security sandbox violation
error stating that the connection to
http://farm1.static.flickr.com/... <http://farm1.static.flickr.com/...>
was halted - not permitted from [my server].
This obviously should be working fine. Looking through Ely's
DisplayShelf component, there are no such issues. So the question is
what else is missing.
Anyone with some thoughts?
Thanks,
Jurgen
