All geek questions in one place

Download swf from AmazonS3 - cross-regional policy

I have a flash application sitting in domainA that needs to load swf that comes from an Amazon S3 bucket. When downloading, I get the following error. "Error #2044: Unhandled securityError:. text= "

I put the crossdomain file in a bucket and suggested that this would do the trick. How can i fix this?

+2
source share
3 answers

You can access S3 using the DNS byte name. Therefore, instead of s3.amazon.com/bucketname/filename it is bucketname.s3.amazon.com/filename. Using this method, you can put your own crossdomain file in the root path

 <allow-access-from domain="bucketname.s3.amazonaws.com" />

The best way is to use the CNAME records on your DNS server to fake the root for your crossdomain file. eg.

Record a CNAME on your DNS server to point bucketname.yourdomainname.com to bucketname.s3.amazon.com

And then put your crossdomain file at the root of the root

 <allow-access-from domain="bucketname.yourdomainname.com" />

And link to flash files like bucketname.yourdomainname.com/flash.swf etc.

+9
source

Downloading swf files is not exactly the same as loading data. Therefore, you may need more than just crossdomain.xml. To see where he is looking for the crossdomain.xml file, I would recommend using the sniffing tool (such as httpfox) to see where Flash Player is looking for the file.

To allow swf from different domains to interact, you also need to call Security.allowDomain . See adobe cross-site scripting documents for more information.

+1
source

Your crossdomain file must be located on the server with the flash application that is loading, and not with the files to which it is loaded. Then you specify the S3 domain as an allowed domain.

 <allow-access-from domain="s3.amazonaws.com" />

Edit: Well, I'm officially confused.

It seems that JB is right in his comment that I am wrong. From here :

Whenever Flash Player 7 detects a download request outside the domain, the player tries to find the policy file on the server from which it is trying to download data. If the policy file exists and it provides access to the source of the domain of the Flash movie that creates the request, the operation will be successful.

However, we are doing this exact thing (uploading images to the Flash component from a remote Amazon server) on one of our client websites, but our crossdomain.xml file is located in the root of the loaded web server - Amazon buckets do not contain policy files.

How does our site work? According to the documentation, this should not be!

Edit 2

According to the Wouter comment, what I am doing is a special case that explains why it works for me, even if my crossdomain files are in the wrong place ...

0
source

Source: https://habr.com/ru/post/907420/

More articles:


All Articles