Discussion:
The unbeatable Security sandbox dilemma - Policy file not working!
Kevin Burke
2010-09-28 21:07:25 UTC
Hi,
I have a Papervision plane that uses a user's Facebook profile picture as a
MovieClip in a MovieMaterial.

When I test this .swf from my local machine, it works, but when I upload it
to my web host, I get an error.

SITE:
http://www.kevinburkeportfolio.com/Facebook/facebook_test.html

ERROR MESSAGE:
SecurityError: Error #2122: Security sandbox violation: BitmapData.draw:
http://www.kevinburkeportfolio.com/Facebook/facebook_test.swf/[[DYNAMIC]]/3
cannot access
http://profile.ak.fbcdn.net/hprofile-ak-snc4/hs347.snc4/41502_689060327_4407_n.jpg.
A policy file is required, but the checkPolicyFile flag was not set when
this media was loaded.
at flash.display::BitmapData/draw()
at Main/checkLoad()

I have read about this sandbox/checkPolicyFile problem in many posts, so I
included this crossdomain file in the root folder of my server.
http://www.kevinburkeportfolio.com/crossdomain.xml
AND here:
http://www.kevinburkeportfolio.com/Facebook/crossdomain.xml

I also added the following code to my Facebook MovieClip's AS class'
constructor function:
Security.allowDomain("*");

Security.loadPolicyFile("http://www.kevinburkeportfolio.com/crossdomain.xml");
loaderContext = new LoaderContext(true);
loaderContext.checkPolicyFile = true;

And this code after the MovieClip connects to the Facebook user's profile:
loader = new Loader();
loader.contentLoaderInfo.addEventListener(Event.COMPLETE, init);
loader.load(url,loaderContext);


I also added this code to my document class's properties:
public var checkPolicyFile:Boolean;

AND this to the constructor:
checkPolicyFile = true;

Security.loadPolicyFile("http://www.kevinburkeportfolio.com/crossdomain.xml");

The plane is NOT built until the image is done loading and I even drew in a
white box to the MovieClip so there would be something in it before the
plane requested its instance.

I'm out of ideas. Can anyone please
help???!?!?!?!?!?!?!!?!??!?!?!?!?!?!?!?!?!?
--
View this message in context: http://papervision3d.758870.n4.nabble.com/The-unbeatable-Security-sandbox-dilemma-Policy-file-not-working-tp2717943p2717943.html
Sent from the Papervision3D mailing list archive at Nabble.com.
Zeh Fernando
2010-09-28 21:18:43 UTC
Crossdomain needs to be on the target domain (profile.ak.fbcdn.net), not on
the source (kevinburkeportfolio.com).

Usually just having checkPolicyFile set to true is enough. However, in this
case, knowing Facebook, it's probably because the actual image loading is
redirecting you to a different domain (via 302 redirect), and redirect loads
don't take checkPolicyFile into consideration (it's always set to false).

The solution is loading the crossdomain file yourself beforehand.

TL;DR: Just do...

Security.loadPolicyFile("http://profile.ak.fbcdn.net/crossdomain.xml");

...somewhere on your application's initialization.

You can get rid of the other loadPolicyFile methods and crossdomain.xml
files.


Zeh
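
Added example (not part of the original thread or of Papervision3D): a small Python model of the rule described in the reply above, where only a policy file served by the host the image finally came from can grant pixel access, and a policy on the SWF's own host is never consulted. The policy bodies are constructed samples, not the files those hosts actually served, and the domain matching is simplified.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SWF_URL = "http://www.kevinburkeportfolio.com/Facebook/facebook_test.swf"
IMAGE_URL = ("http://profile.ak.fbcdn.net/hprofile-ak-snc4/hs347.snc4/"
             "41502_689060327_4407_n.jpg")  # final URL, after any redirect

# Constructed policy bodies (assumptions for illustration only).
OPEN_POLICY = ('<cross-domain-policy>'
               '<allow-access-from domain="*"/>'
               '</cross-domain-policy>')
NARROW_POLICY = ('<cross-domain-policy>'
                 '<allow-access-from domain="*.example.org"/>'
                 '</cross-domain-policy>')


def domain_matches(pattern, host):
    """Simplified matching: '*', '*.suffix' for subdomains, or an exact host."""
    pattern, host = pattern.lower(), host.lower()
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return host == pattern


def may_read_pixels(swf_url, data_url, loaded_policies):
    """loaded_policies maps host -> policy XML the player has already loaded.

    Only the policy of the host that served the data is consulted; a policy
    published by the SWF's own host never grants access to another host's data.
    """
    swf_host = urlsplit(swf_url).hostname
    data_host = urlsplit(data_url).hostname
    if swf_host == data_host:
        return True  # same host (simplified same-domain check)
    policy_xml = loaded_policies.get(data_host)
    if policy_xml is None:
        return False  # no policy for the data host: the Error #2122 situation
    root = ET.fromstring(policy_xml)
    return any(domain_matches(rule.get("domain", ""), swf_host)
               for rule in root.iter("allow-access-from"))


def demo():
    before = {"www.kevinburkeportfolio.com": OPEN_POLICY}  # policy on the source
    after = {"profile.ak.fbcdn.net": OPEN_POLICY}          # policy on the target
    narrow = {"profile.ak.fbcdn.net": NARROW_POLICY}       # target excludes this SWF
    return [may_read_pixels(SWF_URL, IMAGE_URL, p) for p in (before, after, narrow)]


if __name__ == "__main__":
    print(demo())
```

The first case corresponds to the original setup in the thread (policy files only on kevinburkeportfolio.com), the second to the fix of loading the image host's policy file beforehand.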
Kevin Burke
2010-09-28 21:33:36 UTC
You fixed it!!!!! I'm so grateful!!!! Thank you!!!!!!!!!!!!!!!!!! That was
taking up so many hours!!!!!!!! Can I buy you a meal or something?

Thank you!!!!!
Kevin
viaria
2010-09-28 21:28:00 UTC
hey,
it works for me.
Kevin Burke
2010-09-28 21:38:20 UTC
Someone sent me the fix...I was using the wrong Policy file...it should have
been Facebook's. Thank you for the response!!!