In my application, I am trying to display some data from google.com.
My problem is that I always have this error :
Error #2048: Security sandbox violation: https://XXXXX.com/runtime.swf cannot load data from http://www.google.com/finance/company_news?q=null:OZG&output=rss.
The crossdomain.xml of google looks like that:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="by-content-type" />
</cross-domain-policy>
And I call the page in my AS3 code like that :
var hdr:URLRequestHeader = new URLRequestHeader("Content-type", "text/x-cross-domain-policy");
var request:URLRequest = new URLRequest(feedURL);
request.requestHeaders.push(hdr);
//then load the request with an UrlLoader
Do you have any idea of why flash give me this cross damin security error?
I actually misunderstood the meaning of the crossdomain.xml file. Basically, the crossdomain policy file of google doesn't allow any domain.
I think that my only solution is to use a proxy...
You can use a PHP proxy, but cURL must be enabled.
For example:
$gogle = curl_init();
curl_setopt($gogle , CURLOPT_URL, $googleurl);
curl_exec($gogle);
If you need further manipulations use the CURLOPT_RETURNTRANSFER option to return the content as a string instead of outputting it.
curl_setopt($ch, CURLOPT_RETURNTRANSFER , TRUE);
$content = curl_exec($ch);
use CURLOPT_POSTFIELDS if you need to pass POST agouments (eg: "param=value&q=google")
Related
I am trying to replace existing video on VIMEO with
advanced api from : https://github.com/vimeo/vimeo.php#replace-videos-from-the-server.
The code is:
$vimeo = new \Vimeo\Vimeo('xxxxxxxxxxxxxxx', 'xxxxxxxxxxxxxxx');
$vimeo->setToken("xxxxxxxxxxxxxxx");
$video_id_on_vimeo = 123456; // not real id
$vimeo->replace("/videos/" . $video_id_on_vimeo, $path_to_file, false);
However it throws me an error "Unable to get an upload ticket.[The requested user could not be found]'
All other commands do work. I am using OAUTH 2 and scopes configured for using apis are:
public private purchased create edit delete interact upload.
in order to run example, just execute POST request to http://panels.veedi.com/api/video/test
Vimeo development team fixed the bug.
Now everything is working. In addition in API description of replacement process, they have mistake.
Instead of:
$response = $lib->upload('/videos/12345', '/home/aaron/Downloads/ada.mp4', false);
You should use:
$response = $lib->replace('/videos/12345', '/home/aaron/Downloads/ada.mp4', false);
I have to build a banner where people fill a form with their name and email send when they click, we send the data in order to send them back a brochure instantly.
I am not a dev, so it is a little bit confusing for me and I hope my explanations will be clear enough.
Apparently, the website only accept POST request but we cannot send like that from the banner due to crossdomain issue. So the request has to be send as a GET.
We found this website which does the conversion:
http://get-to-post.nickj.org/
for the purpose of the test, everything is hardcoded. When we test, this url:
http://get-to-post.nickj.org/?http://www.vikingrivercruises.co.uk/Forms/SaveRequestBrochures?InquiryReason[0]=2351&InquiryMessage[0]=UK+River+Brochure+Download&InquiryType[0]=Brochure-d&InquiryReason[1]=1450&InquiryMessage[1]=UK+Brochure+Requests+%28from+web%29&InquiryType[1]=Brochure&BrochureCode=UKBR15&SelectedBrochuresDeliverability=UKBR15+mail-yes+ebrochure-yes&selectedBrochures=UKBR15&Title=Mr.&FirstName=Andrew&LastName=Davies&EmailAddress=nicom21a%40gmail.com&PhoneNumberString=098921313132312&Country=United+Kingdom&OtherCountry=&Address1=&Address2=&Address3=&City=&State=&OtherState=&Zip=&EmailMeSpecialOffers=true&FriendTitle=&FriendFirstName=&FriendLastName=&FriendEmailAddress=&RedirectUrl=http%3A%2F%2Fwww.vikingrivercruises.co.uk%2Fbrochures%2Frivers-brochure-thank-you.html
and copy past it in the browser, it works perfectly and we receive a brochure instantly, but when I try to replicate it from the banner it doesn't work.
Here is my code, many thanks
var requestVars:URLVariables = new URLVariables();
requestVars.link = 'InquiryReason[0]=2351&InquiryMessage[0]=UK+River+Brochure+Download&InquiryType[0]=Brochure-d&InquiryReason[1]=1450&InquiryMessage[1]=UK+Brochure+Requests+%28from+web%29&InquiryType[1]=Brochure&BrochureCode=UKBR15&SelectedBrochuresDeliverability=UKBR15+mail-yes+ebrochure-yes&selectedBrochures=UKBR15&Title=Mr.&FirstName=Andrew&LastName=Davies&EmailAddress=nicom21a%40gmail.com&PhoneNumberString=098921313132312&Country=United+Kingdom&OtherCountry=&Address1=&Address2=&Address3=&City=&State=&OtherState=&Zip=&EmailMeSpecialOffers=true&FriendTitle=&FriendFirstName=&FriendLastName=&FriendEmailAddress=&RedirectUrl=http%3A%2F%2Fwww.vikingrivercruises.co.uk%2Fbrochures%2Frivers-brochure-thank-you.html'
var request:URLRequest = new URLRequest();
request.url = 'http://get-to-post.nickj.org/?http://www.vikingrivercruises.co.uk/Forms/SaveRequestBrochures';
request.method = URLRequestMethod.GET;
request.data = requestVars;
for (var prop:String in requestVars) {
trace("Sent " + prop + " as: " + requestVars[prop]);
}
var loader:URLLoader = new URLLoader();
loader.dataFormat = URLLoaderDataFormat.TEXT;
loader.addEventListener(Event.COMPLETE, loaderCompleteHandler);
loader.addEventListener(HTTPStatusEvent.HTTP_STATUS, httpStatusHandler);
loader.addEventListener(SecurityErrorEvent.SECURITY_ERROR, securityErrorHandler);
loader.addEventListener(IOErrorEvent.IO_ERROR, ioErrorHandler);
I also tried like that
request.url = 'http://get-to-post.nickj.org/?http://www.vikingrivercruises.co.uk/Forms/SaveRequestBrochures?';
I think there are many points in your case that should be clarified :
If you want send a URL request to a server, but ignores any response, and I think this is your case because you can't get response, It's better to use sendToURL instead of URLLoader.load().
If you test your swf on line, you will get a security error because the used site(http://get-to-post.nickj.org/) doesn't have a crossdomain.xml file to get authorization to execute the URL : http://get-to-post.nickj.org/?http://www.example.com/?param=value.
Even when you execute your sendToURL successfully, you have another problem because the site that you have mentioned, which convert GET request to a POST one, will not do the job because it's creating a page with a POST form with your data and submitting it when the page is loaded which is never fired with flash.
So, I think it's better to see the crossdomain problem with your target site (vikingrivercruises) to give you authorization to send POST data. And if It's always impossible, try to set another URL (site) that get your GET data and send it via curl, for example, to your destination.
I am trying to load images from my website on my Flex Mobile Application. When I run the code using my localhost, everything works perfectly. However, when I try to load the images from my live website, I get the error:
IOErrorEvent type="ioError" bubbles=false cancelable=false eventPhase=2 text="Error #2036: Load Never Completed. URL: http://sortsports.com/images/players/nfl/sketch/8850x300.jpg" errorID=2036]
I am using a Loader to load the image and a LoaderContext setting checkPolicyFile to false.
var lc:LoaderContext = new LoaderContext();
lc.checkPolicyFile = false; // bypass security sandbox / policy file - does this effect quality when scaling? - See more at: http://www.onegiantmedia.com/as3--load-a-remote-image-from-any-url--domain-with-no-stupid-security-sandbox-errors#sthash.ZRnTf99k.dpuf
var loader:Loader = new Loader();
loader.contentLoaderInfo.addEventListener(Event.COMPLETE, playerImageLoadCompleteHandler);
loader.contentLoaderInfo.addEventListener(IOErrorEvent.IO_ERROR, loaderIOErrorHandler);
trace('loading: ' + remoteFileUrl);
loader.load(new URLRequest(remoteFileUrl), lc); // add a loader context to not check the policy file
private function playerImageLoadCompleteHandler(event:Event):void
{
var loaderInfo:LoaderInfo = event.target as LoaderInfo;
playerImage.source = loaderInfo.content;
}
private function loaderIOErrorHandler(ev:Event):void{
trace("Image not found and ioError: " + ev);
playerImage.source = 'k';
}
I also have a crossdomain policy in the root of the url:
<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="*"/>
</cross-domain-policy>
I load the crossdomain like this:
Security.loadPolicyFile(Globals.currentDomain + "/crossdomain.xml");
And I try to allowDomain
//Security.allowDomain('http://sortsports.com/');
But I get an error
SecurityError: Error #3207: Application-sandbox content cannot access this feature.
So I put it in the try catch:
try {Security.allowDomain("*");}catch (e) { trace("e.message: " + e.message); };
Again, the code works great on localhost. I don't think using a proxy is a possibility as this is a mobile app.
var loader:URLLoader = new URLLoader();
var request:URLRequest = new URLRequest("http://domain.net/registerVideo.php");
var vars:URLVariables = new URLVariables();
vars.action = "insert";
vars.record = publishMode;
vars.name = streamName;
request.data = vars;
request.method = URLRequestMethod.POST;
loader.load(request);
The above client side code works for my machine(using the same web session),
but not working for some other machines.
Is this a known bug??
My guess is that you are testing this from the domain.net machine but loading from somewhere else. If it is not working from another machine, you may have a security sandbox violation. Try to add a crossdomain.xml file on your server with something like this to see if that fixes your issue.
<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
I wouldn't advise keeping this for production if it fixes your issue. For more info, see this link.
I can't get my Yahoo! Application Platform to run I keep getting denied access even though their policy file accepts requests from any domain.
OK: Policy file accepted: http://social.yahooapis.com/crossdomain.xml
Error: Request for resource at http://social.yahooapis.com/v1/user/<user id>/profile?oauth_signature_method=HMAC-SHA1&lang=en-US&oauth_consumer_key=<key>&oauth_token=<long ass token>&oauth_version=1.0&format=json&oauth_nonce=<blah blah>&oauth_timestamp=1262846353®ion=US&oauth_signature=<foo bar> by requestor from http://<my domain>/YOSSimple.swf is denied due to lack of policy file permissions.
The url works btw, I editted some stuff out since it has my keys and stuff.
Links to the stuff I'm trying to do
http://developer.yahoo.com/flash/yos/
http://developer.yahoo.com/flash/yos/examples/simple/YOSSimple.fla
YOSSimple properly creates the url actually since if I type it in my browser I'm prompted if I want to download the file that contains information regarding my profile.
But it just wont open it in Flash.
I'm guessing that it's not loading the policy file automatically. You should try using
Security.loadPolicyFile("http://social.yahooapis.com/crossdomain.xml");
Do you have a webproxy installed with which you can monitor what files exactly are loaded? My favorite is Charles but there are also free FF plugins like Httpfox
EDIT:
I think I know what's going wrong. It's going wrong the other way around, the swf from yahoo is trying to access your swf, but doesn't have the correct permissions. Would you try
Security.allowDomain( 'http://social.yahooapis.com/' );
http://www.ieinspector.com/httpanalyzer/
use HTTP analyzer to see whats happening?
also check your not missmatching http://www. with http:// because flash treats them as different domains
also are you running the code locally on your machine. It could be your local security settings
A simple WebProxy will fix this:
<?php
// PHP Proxy
// Loads a XML from any location. Used with Flash/Flex apps to bypass security restrictions
// usage: proxy.php?url=http://mysite.com/myxml.xml
$session = curl_init($_GET['url']); // Open the Curl session
curl_setopt($session, CURLOPT_HEADER, false); // Don't return HTTP headers
curl_setopt($session, CURLOPT_RETURNTRANSFER, true); // Do return the contents of the call
$xml = curl_exec($session); // Make the call
header("Content-Type: text/xml"); // Set the content type appropriately
echo $xml; // Spit out the xml
curl_close($session); // And close the session
?>
Modify the web proxy example above to support multiple options as follows:
$sOptions = "";
foreach($_GET as $sIndex => $sValue) {
if ($sIndex == 'url') {
$url = $sValue;
}
else {
if (strlen($sIndex) > 0) {
$sOptions .= "&" . $sIndex;
}
if (strlen($sValue) > 0) {
$sOptions .= "=" . $sValue;
}
}
}
$url .= $sOptions;
$session = curl_init($url); // Open the Curl session