2

I can't seem to wrap my head around this image loading problem with my actionscript 3.0 project. I suspect it has something to do with how I have the crossDomain.xml set up. The problem is that I can load youtube movie thumbnail images from http://img.youtube.com/ into flash and display them completely fine when testing/running the SWF in a stand alone (local) player.

But when I upload the SWF and test it through the web I receive Sandbox Errors and Security Violations.

Here is my crossDomain.xml (stored on the root of the server):

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="*"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

Here is some AS3:

Security.loadPolicyFile('http://youtube.com/crossdomain.xml');
// LoaderContext used
externalLoaderCntxt = new LoaderContext( true, new ApplicationDomain() );
loader.load( http://img.youtube.com/vi/nTYcgnqAzqE/2.jpg, externalLoaderCntxt );

Here is the error I get with the current configuration of crossDomain.xml and loaderContext

SecurityError: Error #2123: Security sandbox violation: LoaderInfo.content: http://*.*.com/bin/PipedLoader_test.swf?ver=ef331d0dcb1e1ef59b325969ebadafa4 cannot access http://img.youtube.com/vi/nTYcgnqAzqE/2.jpg. No policy files granted access.
at flash.display::LoaderInfo/get content()
at *.pipedLoader::PipedLoader/onImageLoadComplete()[*\pipedLoader\PipedLoader.as:915]

I've tried creating the LoaderContext without checkPolicyFiles as false.

Is there any way to remove these Security Sandbox violations? Or because the crossDomain.xml used is hosted by YouTube.com there isn't anything I can change?

If it is the ladder how does one load these thumbnail images and use them? Can a policy file put restrictions on the loaderInfo.content property?

Any help would be great, Thanks! TwoBit

4

1 回答 1

3

尝试使用:http ://i.ytimg.com 而不是 img.youtube.com - 您可以验证:http://i.ytimg.com/crossdomain.xml具有通配符域访问权限。

于 2012-02-22T21:18:14.353 回答