The unbeatable Security sandbox dilemma - Policy file not working!

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

The unbeatable Security sandbox dilemma - Policy file not working!

Kevin Burke
Hi,
I have a Papervision plane that uses a user's Facebook profile picture as a MovieClip in a MovieMaterial.

When I test this .swf from my local machine, it works, but when I upload it to my web host, I get an error.

SITE:
http://www.kevinburkeportfolio.com/Facebook/facebook_test.html

ERROR MESSAGE:
SecurityError: Error #2122: Security sandbox violation: BitmapData.draw: http://www.kevinburkeportfolio.com/Facebook/facebook_test.swf/[[DYNAMIC]]/3 cannot access http://profile.ak.fbcdn.net/hprofile-ak-snc4/hs347.snc4/41502_689060327_4407_n.jpg. A policy file is required, but the checkPolicyFile flag was not set when this media was loaded.
	at flash.display::BitmapData/draw()
	at Main/checkLoad()

I have read about this sandbox/checkPolicyFile problem in many posts, so I included this crossdomain file in the root folder of my server.
http://www.kevinburkeportfolio.com/crossdomain.xml
AND here:
http://www.kevinburkeportfolio.com/Facebook/crossdomain.xml

I also added the following code to my Facebook MovieClip's AS class' constructor function:
			Security.allowDomain("*");
			Security.loadPolicyFile("http://www.kevinburkeportfolio.com/crossdomain.xml");
			loaderContext = new LoaderContext(true);
			loaderContext.checkPolicyFile = true;

And this code after the MovieClip connects to the Facebook user's profile:
                        loader = new Loader();
			loader.contentLoaderInfo.addEventListener(Event.COMPLETE, init);
			loader.load(url,loaderContext);

I also added this code to my document class's properties:
                        public var checkPolicyFile:Boolean;

AND this to the constructor:
                        checkPolicyFile = true;
			Security.loadPolicyFile("http://www.kevinburkeportfolio.com/crossdomain.xml");

The plane is NOT built until the image is done loading and I even drew in a white box to the MovieClip so there would be something in it before the plane requested its instance.

I'm out of ideas. Can anyone please help???!?!?!?!?!?!?!!?!??!?!?!?!?!?!?!?!?!?
Reply | Threaded
Open this post in threaded view
|

Re: The unbeatable Security sandbox dilemma - Policy file not working!

Zeh Fernando-3
Crossdomain needs to be on the target domain (profile.ak.fbcdn.net), not on the source (kevinburkeportfolio.com).

Usually just having checkPolicyFile set to true is enough. However, in this case, knowing Facebook, it's probably because the actual image loading is redirecting you to a different domain (via 302 redirect), and redirect loads don't take checkPolicyFile into consideration (it's always set to false).

The solution is loading the crossdomain file yourself beforehand.

TL;DR: Just do...

     Security.loadPolicyFile("http://profile.ak.fbcdn.net/crossdomain.xml");

...somewhere on your application's initialization.

You can get rid of the other loadPolicyFile methods and crossdomain.xml files.


Zeh


On Tue, Sep 28, 2010 at 5:07 PM, Kevin Burke <[hidden email]> wrote:

Hi,
I have a Papervision plane that uses a user's Facebook profile picture as a
MovieClip in a MovieMaterial.

When I test this .swf from my local machine, it works, but when I upload it
to my web host, I get an error.

SITE:
http://www.kevinburkeportfolio.com/Facebook/facebook_test.html

ERROR MESSAGE:
SecurityError: Error #2122: Security sandbox violation: BitmapData.draw:
<a href="http://www.kevinburkeportfolio.com/Facebook/facebook_test.swf/[[DYNAMIC]]/3" target="_blank">http://www.kevinburkeportfolio.com/Facebook/facebook_test.swf/[[DYNAMIC]]/3
cannot access
http://profile.ak.fbcdn.net/hprofile-ak-snc4/hs347.snc4/41502_689060327_4407_n.jpg.
A policy file is required, but the checkPolicyFile flag was not set when
this media was loaded.
       at flash.display::BitmapData/draw()
       at Main/checkLoad()

I have read about this sandbox/checkPolicyFile problem in many posts, so I
included this crossdomain file in the root folder of my server.
http://www.kevinburkeportfolio.com/crossdomain.xml
AND here:
http://www.kevinburkeportfolio.com/Facebook/crossdomain.xml

I also added the following code to my Facebook MovieClip's AS class'
constructor function:
                       Security.allowDomain("*");

Security.loadPolicyFile("http://www.kevinburkeportfolio.com/crossdomain.xml");
                       loaderContext = new LoaderContext(true);
                       loaderContext.checkPolicyFile = true;

And this code after the MovieClip connects to the Facebook user's profile:
                       loader = new Loader();
                       loader.contentLoaderInfo.addEventListener(Event.COMPLETE, init);
                       loader.load(url,loaderContext);


I also added this code to my document class's properties:
                       public var checkPolicyFile:Boolean;

AND this to the constructor:
                       checkPolicyFile = true;

Security.loadPolicyFile("http://www.kevinburkeportfolio.com/crossdomain.xml");

The plane is NOT built until the image is done loading and I even drew in a
white box to the MovieClip so there would be something in it before the
plane requested its instance.

I'm out of ideas. Can anyone please
help???!?!?!?!?!?!?!!?!??!?!?!?!?!?!?!?!?!?
--
View this message in context: http://papervision3d.758870.n4.nabble.com/The-unbeatable-Security-sandbox-dilemma-Policy-file-not-working-tp2717943p2717943.html
Sent from the Papervision3D mailing list archive at Nabble.com.

_______________________________________________
Papervision3D mailing list
[hidden email]
http://osflash.org/mailman/listinfo/papervision3d_osflash.org


_______________________________________________
Papervision3D mailing list
[hidden email]
http://osflash.org/mailman/listinfo/papervision3d_osflash.org
Reply | Threaded
Open this post in threaded view
|

Re: The unbeatable Security sandbox dilemma - Policy file not working!

viaria
In reply to this post by Kevin Burke
hey,
it works for me.
Reply | Threaded
Open this post in threaded view
|

Re: The unbeatable Security sandbox dilemma - Policy file not working!

Kevin Burke
In reply to this post by Zeh Fernando-3
You fixed it!!!!! I'm so grateful!!!! Thank you!!!!!!!!!!!!!!!!!! That was taking up so many hours!!!!!!!! Can I buy you a meal or something?

Thank you!!!!!
Kevin


From: Zeh Fernando-3 [via Papervision3D] <[hidden email]>
To: Kevin Burke <[hidden email]>
Sent: Tue, September 28, 2010 4:24:21 PM
Subject: Re: The unbeatable Security sandbox dilemma - Policy file not working!

Crossdomain needs to be on the target domain (profile.ak.fbcdn.net), not on the source (kevinburkeportfolio.com).

Usually just having checkPolicyFile set to true is enough. However, in this case, knowing Facebook, it's probably because the actual image loading is redirecting you to a different domain (via 302 redirect), and redirect loads don't take checkPolicyFile into consideration (it's always set to false).

The solution is loading the crossdomain file yourself beforehand.

TL;DR: Just do...

     Security.loadPolicyFile("http://profile.ak.fbcdn.net/crossdomain.xml");

...somewhere on your application's initialization.

You can get rid of the other loadPolicyFile methods and crossdomain.xml files.


Zeh


On Tue, Sep 28, 2010 at 5:07 PM, Kevin Burke <[hidden email]> wrote:

Hi,
I have a Papervision plane that uses a user's Facebook profile picture as a
MovieClip in a MovieMaterial.

When I test this .swf from my local machine, it works, but when I upload it
to my web host, I get an error.

SITE:
http://www.kevinburkeportfolio.com/Facebook/facebook_test.html

ERROR MESSAGE:
SecurityError: Error #2122: Security sandbox violation: BitmapData.draw:
http://www.kevinburkeportfolio.com/Facebook/facebook_test.swf/[[DYNAMIC]]/3
cannot access
http://profile.ak.fbcdn.net/hprofile-ak-snc4/hs347.snc4/41502_689060327_4407_n.jpg.
A policy file is required, but the checkPolicyFile flag was not set when
this media was loaded.
       at flash.display::BitmapData/draw()
       at Main/checkLoad()

I have read about this sandbox/checkPolicyFile problem in many posts, so I
included this crossdomain file in the root folder of my server.
http://www.kevinburkeportfolio.com/crossdomain.xml
AND here:
http://www.kevinburkeportfolio.com/Facebook/crossdomain.xml

I also added the following code to my Facebook MovieClip's AS class'
constructor function:
                       Security.allowDomain("*");

Security.loadPolicyFile("http://www.kevinburkeportfolio.com/crossdomain.xml");
                       loaderContext = new LoaderContext(true);
                       loaderContext.checkPolicyFile = true;

And this code after the MovieClip connects to the Facebook user's profile:
                       loader = new Loader();
                       loader.contentLoaderInfo.addEventListener(Event.COMPLETE, init);
                       loader.load(url,loaderContext);


I also added this code to my document class's properties:
                       public var checkPolicyFile:Boolean;

AND this to the constructor:
                       checkPolicyFile = true;

Security.loadPolicyFile("http://www.kevinburkeportfolio.com/crossdomain.xml");

The plane is NOT built until the image is done loading and I even drew in a
white box to the MovieClip so there would be something in it before the
plane requested its instance.

I'm out of ideas. Can anyone please
help???!?!?!?!?!?!?!!?!??!?!?!?!?!?!?!?!?!?
--
View this message in context: http://papervision3d.758870.n4.nabble.com/The-unbeatable-Security-sandbox-dilemma-Policy-file-not-working-tp2717943p2717943.html?by-user=t
Sent from the Papervision3D mailing list archive at Nabble.com.

_______________________________________________
Papervision3D mailing list
[hidden email]
http://osflash.org/mailman/listinfo/papervision3d_osflash.org


_______________________________________________
Papervision3D mailing list
[hidden email]
http://osflash.org/mailman/listinfo/papervision3d_osflash.org



View message @ http://papervision3d.758870.n4.nabble.com/The-unbeatable-Security-sandbox-dilemma-Policy-file-not-working-tp2717943p2717967.html
To unsubscribe from The unbeatable Security sandbox dilemma - Policy file not working!, click here.

Reply | Threaded
Open this post in threaded view
|

Re: The unbeatable Security sandbox dilemma - Policy file not working!

Kevin Burke
In reply to this post by viaria
Someone sent me the fix...I was using the wrong Policy file...it should have been Facebook's. Thank you for the response!!!


From: viaria [via Papervision3D] <[hidden email]>
To: Kevin Burke <[hidden email]>
Sent: Tue, September 28, 2010 4:28:00 PM
Subject: Re: The unbeatable Security sandbox dilemma - Policy file not working!

hey,
it works for me.



View message @ http://papervision3d.758870.n4.nabble.com/The-unbeatable-Security-sandbox-dilemma-Policy-file-not-working-tp2717943p2717974.html
To unsubscribe from The unbeatable Security sandbox dilemma - Policy file not working!, click here.

Reply | Threaded
Open this post in threaded view
|

Re: The unbeatable Security sandbox dilemma - Policy file not working! / FB and other sites

franinlv
This post has NOT been accepted by the mailing list yet.
SecurityError: Error #2122: Security sandbox violation: LoaderInfo.content: http://wac.5f48.edgecastcdn.net/805F48/bingoblitz/v147-8/game/flash/BingoBlitz.swf?v=147 cannot access http://profile.xx.fbcdn.net/hprofile-snc4/369604_100001607993565_994108221_q.jpg. A policy file is required, but the checkPolicyFile flag was not set when this media was loaded.
        at flash.display::LoaderInfo/get content()
        at framework.assets::AssetLoaderManager/assetLoaded()[C:\Users\bingo\Desktop\flash dev\flash-v147\AS\framework\assets\AssetLoaderManager.as:100]

Can you speak non-geek so it can be fixed.  I have a spouse driving me nuts cause it happens on FB and on WGT.com when he's playing golf since the last adobe upgrade.