2

We are using Uploadify to upload images with our website. Currently when I click on Add photo,browse to my photo and select it. The uploadify status bar turns red and throws a message that says:

whatever.jpg (size 65.36KB) - Security Error

I have looked at the Apache logs and do not see any errors being thrown. We have reviewed all the image upload directories and the permissions look correct. We also ran FireBug and do not see any errors thrown when this message is thrown.

I have added a crossdomain.xml file in my Apache Document Root and it is accessible with a browser. But I am still not able to get past this error. I have tried a few crossdomain.xml's and this is my current one:

roacha
  • 593
  • 2
  • 12
  • 29

2 Answers2

1

You need crossdomain.xml to establish domain trust. Rather lengthy explanation: http://kb2.adobe.com/cps/142/tn_14213.html

Brief example: http://www.youtube.com/crossdomain.xml

And here's a related SO question.

Community
  • 1
  • 1
pluckyglen
  • 819
  • 7
  • 9
  • Thanks pluckyglen, where does this crossdomain.xml file need to live? Do I need to edit my Uploadify js file to specify the location? – roacha Dec 31 '09 at 04:04
  • I tried adding this to my website's document root: – roacha Dec 31 '09 at 04:27
  • I think my problem might be the crossdomain.xml is getting redirected with my ReWrite commands in Apache. Do you know how to exclude xml files? Or the individual crossdomain.xml? – roacha Dec 31 '09 at 04:58
  • I have my crossdomain.xml file in place and it is accessible. But I am still getting the security error. Do I need to specify anything about this file in the UPloadify config? – roacha Dec 31 '09 at 16:05
  • I've never seen crossdomain.xml live anywhere other than the root of the web site, so I'm not sure if there are configurations that allow it to be elsewhere. I suggest using Fiddler (or Firebug's Net tab) to make sure Flash is getting what it needs. And of course the XML itself needs to be correct, but based on what you have above, it looks fine to me. – pluckyglen Jan 03 '10 at 19:30
0

Solved this problem for myself - no one out there has mentioned this so I hope it helps.

In my script I had the following three arguments:

'uploader'  : 'includes/uploadify/scripts/uploadify.swf',
'script'    : 'includes/uploadify/scripts/uploadify.php',
'cancelImg' : 'includes/uploadify/cancel.png',

The fix was simple - put a leading slash on the "includes" path:

'uploader'  : '/includes/uploadify/scripts/uploadify.swf',
'script'    : '/includes/uploadify/scripts/uploadify.php',
'cancelImg' : '/includes/uploadify/cancel.png',

Apparently uploadify thought that without the leading / the swf was on another domain and looked to see if that domain (the domain of "includes") allows for this cross scripting behavior. Adding the leading slash fixed it.

Scott
  • 695
  • 1
  • 8
  • 16