Security Sandbox Violation with SWFLoader

[Nellisoft]

I've developed a set of libraries that grabs (public) posts from Twitter and Facebook, and have worked them into several different example banner ads.

Now I'm trying to use SWFLoader to load them into a gallery, but when I go to test my (local) gallery with the swfs on our server, it's throwing security sandbox violations all over the place:

 

*** Security Sandbox Violation ***
Connection to http://api.twitter.com/#/users/show/username.xml halted - not permitted from http://server.domain.com/directory/examplead.swf
Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://server.domain.com/directory/examplead.swf cannot load data from http://api.twitter.com/#/users/show/username.xml.

 

SecurityError: Error #2122: Security sandbox violation: Loader.content: http://server.domain.com/directory/examplead.swf cannot access http://profile.ak.fbcdn.net/directory/image.jpg. A policy file is required, but the checkPolicyFile flag was not set when this media was loaded.

 

I'm not really sure where the problem is originating: in the gallery that's creating the loader; the example banner ads; or the libraries that are accessing Facebook and Twitter.

I hate that all this stuff works fine locally, but then the second you try to put it online, a bunch of stuff blows up in your face.

[GreenSock]

Sounds like you might be trying to load something across domains without a crossdomain.xml file in place. Feel free to post a simple FLA that demonstrates the issue so we can publish it on our end and see what's going on.

[Nellisoft]

I discovered that one of the swfs was using an outdated version of my Facebook library, one that was NOT checking crossdomain.xml; now that I've replaced it with the newest version that does check, the second error is no longer appearing.

Then I did some research on the Twitter API, and apparently their crossdomain.xml only allows other twitter domains access.

Calls to "search.twitter.com" will let anything through, but that doesn't get me what I want... so I might just be screwed on the Twitter front... and on top of that there's rate limiting.

 

Here's another question:

When I put the gallery up on our site, it shouldn't need to check the policy file because the swfs and videos it's loading are stored on another server under the same domain; correct?

[GreenSock]

When I put the gallery up on our site, it shouldn't need to check the policy file because the swfs and videos it's loading are stored on another server under the same domain; correct?

If you're loading from the same domain (and subdomain), correct, you shouldn't need to load a policy file. See Adobe's docs for details.