Inspiring
September 2, 2010
Question

How to get full URL when LoaderInfo.isURLInaccessible == true?


Why is Flash Security so hard to figure out?

I am trying to load an image; however, the image URL I 1st receive is actually a redirected URL. I wish to load the redirected URL, but I can't get the full redirected URL because LoaderInfo.isURLInaccessible is true even though I think I follow all the precautions detailed on the following page:

http://www.macromediademos.com/devnet/flashplayer/articles/fplayer10.1_air2_security_changes.html

Here is my situation...

I have an image URL: i.e. "http://www.foo.com/image.jpg"

I attempt to load the image ensuring that I set the LoaderContext's checkPolicyFile to "true"


                var ur:URLRequest = new URLRequest( "http://www.foo.com/image.jpg");
                var l:Loader = new Loader();

                l.contentLoaderInfo.addEventListener(Event.COMPLETE, onLoad);
                var lc:LoaderContext = new LoaderContext();
                lc.checkPolicyFile = true;
                l.load(ur, lc);

When the Event.COMPLETE is dispatched, I discover that the loaded image's URL is not the one I first used ("http://www.foo.com/image.jpg"); instead, the URL is a redirected URL, "http://www.bar.com/image.jpg".

Because of sandbox issues, I can not use the loaded image and be able to manipulate the image. So instead I need to reload the image using the final URL. However, I cannot determine what the redirected URL is because the LoaderInfo.isURLInaccessible == true and LoaderInfo.url =="http://www.bar.com/", not "http://www.bar.com/image.jpg".


        private function onLoad(e:Event):void {

               var li:LoaderInfo = LoaderInfo(e.target);

               trace("isURLInaccessible = " + li.isURLInaccessible); //output = "isURLInaccessible = true"         

               trace("li.url  = " + li.url); //output = "li.url = http://www.bar.com/"

        }

According to the Adobe Blog post (see URL above), I need to ensure two things: 1) LoaderContext.checkPolicyFile = true, and 2) the crossdomain policy file gives the proper permission.

I think I've met both of these criteria. The crossdomain file for BOTH http://www.foo.com/crossdomain.xml and http://www.bar.com/crossdomain.xml is the following:


     <cross-domain-policy>
          <allow-access-from domain="*"/>
          <site-control permitted-cross-domain-policies="all"/>
     </cross-domain-policy>

What am I doing wrong? How do I ensure that I can get the redirected URL and LoaderInfo.isURLInaccessible == false?

thanks!

This topic has been closed for replies.

3 replies

Participating Frequently
September 2, 2010


Try changing from this:

<cross-domain-policy>
         <allow-access-from domain="*"/>
         <site-control permitted-cross-domain-policies="all"/>
</cross-domain-policy>

To this:


<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
         <allow-access-from domain="*"/>
         <site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>

Not really sure how much the DOCTYPE matters, but with permitted-cross-domain-policies set to 'master-only' you can be sure that the loader will always check the policy file at the root of the master domain, instead of looking for policy files elsewhere.

Then make sure that the policy file is in the rootiest root possible in the domain you are grabbing the image from.

I'm not really sure this is the cause of your problem, but it's worth a shot.

Inspiring
September 10, 2010

Here's an update. (though still no solution.)

1) I preloaded ANY image from the redirected server: i.e. http://www.bar.com/image123.jpg. (Mind you, I did nothing with this preloaded image.) When I loaded this image, checkPolicyFile == true.

2) A few seconds later, I loaded the desired non-redirected image: http://www.foo.com/image.jpg.

3) This time, isURLInaccessible was true and I had access to the full redirected URL: i.e. http://www.foo.com/image.jpg.

Please note that the image from the 1st step didn't have to be the same image from the 3rd step.

It appears that you have to check the policy file on the redirected URL before you have knowledge of the redirected URL. However, how can you check the policy file on the redirected URL if you don't know the redirected URL yet?

Ah, Adobe Flash security makes so much sense and is always so simple. /sarcasm

So does anyone know how to properly check the policy file for redirected images with this new info?

Seemingly, according to the security page written by Adobe which I linked to in my 1st post, it should be as simple as setting the checkPolicyFile property of the LoaderContext. I've tried that and that doesn't work. So either Adobe's page is incorrect (perhaps) or is not clear (most likely).

Unless anyone can come up with a simpler way to do this, I'll probably do the following, which theoretically should work:

1) load the non-redirected image

2) when image loads, determine if the loaded URL == the URL originally used to load the image

3) If it is determined that the loaded URL is a redirected URL, then check if isURLInaccessible  == true.

4) if isURLInaccessible  == true, then somehow load the policy file from the incomplete URL (I will need to figure out how to do this.)

5) Once the policy file loads, then go back to step #1. When the process reaches step #4, then isURLInaccessible should be false, in which case, proceed to step #6

6) Load the redirected image URL

The above seems like a lot of steps to load an image. Can someone confirm if the above is necessary or if there is a simpler way to load the redirected image's policy file?

Participating Frequently
September 10, 2010

I think this is what you are looking for:

Security.loadPolicyFile("http://www.bar.com/crossdomain.xml");
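
The six-step retry procedure from the September 10 update, combined with the Security.loadPolicyFile() call suggested in the reply above, as an added ActionScript 3 example; it is not code from any poster in this thread. The class name RedirectedImageLoader and the retry limit are hypothetical, the URLs are the thread's placeholders, and it assumes the truncated LoaderInfo.url is the redirect target's host root, as the question reports.

```actionscript
package {
    import flash.display.Loader;
    import flash.display.LoaderInfo;
    import flash.display.Sprite;
    import flash.events.Event;
    import flash.events.IOErrorEvent;
    import flash.net.URLRequest;
    import flash.system.LoaderContext;
    import flash.system.Security;

    // Hypothetical class; URLs are the placeholders used in the thread.
    public class RedirectedImageLoader extends Sprite {
        private static const MAX_POLICY_RETRIES:int = 1; // assumed limit, avoids a reload loop
        private var requestedUrl:String;
        private var policyRetries:int = 0;

        public function RedirectedImageLoader() {
            start("http://www.foo.com/image.jpg");
        }

        private function start(url:String):void {       // step 1 (and step 6)
            requestedUrl = url;
            var l:Loader = new Loader();
            l.contentLoaderInfo.addEventListener(Event.COMPLETE, onLoad);
            l.contentLoaderInfo.addEventListener(IOErrorEvent.IO_ERROR, onError);
            l.load(new URLRequest(url), new LoaderContext(true)); // checkPolicyFile = true
        }

        private function onLoad(e:Event):void {
            var li:LoaderInfo = LoaderInfo(e.target);
            if (li.url == requestedUrl) {               // step 2: no redirect happened
                addChild(li.loader);
            } else if (!li.isURLInaccessible) {         // step 3: full redirected URL visible
                start(li.url);                          // step 6: reload from the final URL
            } else if (policyRetries < MAX_POLICY_RETRIES) {
                policyRetries++;
                // step 4: li.url is truncated to the host, e.g. "http://www.bar.com/"
                var root:String = li.url.replace(/\/?$/, "/");
                Security.loadPolicyFile(root + "crossdomain.xml");
                start(requestedUrl);                    // step 5: back to step 1
            } else {
                trace("Redirect target still inaccessible: " + li.url);
            }
        }

        private function onError(e:IOErrorEvent):void {
            trace("Load failed: " + e.text);
        }
    }
}
```
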

Inspiring
September 2, 2010

p.s. The following blog describes why I need to reload the image using the redirected URL:

http://www.stevensacks.net/2008/12/23/solution-as3-security-error-2122-with-300-redirects/

Inspiring
September 2, 2010

p.s. The following blog describes why I need to reload the image using the redirected URL:

Did it work for you?

Inspiring
September 2, 2010
Did it work for you?

No. I was just adding more info to my original question so others know why I need to know the redirected URL and why I need to reload the image using the redirected URL. Prior to Flash Player 10.1, this workaround worked. Now I can't obtain the redirected URL even though Adobe seems to be saying that I should be able to.

Inspiring
September 2, 2010

isURLInaccessible is read only.

http://help.adobe.com/en_US/FlashPlatform/beta/reference/actionscript/3/flash/display/LoaderInfo.html#isURLInaccessible

Inspiring
September 2, 2010

Yes, it is read only, but how do you ensure the value is false? I tried to indirectly change it by following the 2 previously mentioned precautions, but it did not work. I'm not sure what else I need to do or what I'm doing wrong that the LoaderInfo's "url" property does not display the full URL of the redirected image.

Inspiring
September 2, 2010

I doubt you can do anything about it (I may be wrong though). In these kinds of cases the best bet is to create a server side proxy.