5

I can't get my Yahoo! Application Platform to run I keep getting denied access even though their policy file accepts requests from any domain.

OK: Policy file accepted: http://social.yahooapis.com/crossdomain.xml
Error: Request for resource at http://social.yahooapis.com/v1/user/<user id>/profile?oauth_signature_method=HMAC-SHA1&lang=en-US&oauth_consumer_key=<key>&oauth_token=<long ass token>&oauth_version=1.0&format=json&oauth_nonce=<blah blah>&oauth_timestamp=1262846353&region=US&oauth_signature=<foo bar> by requestor from http://<my domain>/YOSSimple.swf is denied due to lack of policy file permissions.

The url works btw, I editted some stuff out since it has my keys and stuff.

Links to the stuff I'm trying to do

http://developer.yahoo.com/flash/yos/
http://developer.yahoo.com/flash/yos/examples/simple/YOSSimple.fla

YOSSimple properly creates the url actually since if I type it in my browser I'm prompted if I want to download the file that contains information regarding my profile.

But it just wont open it in Flash.

false
  • 10,264
  • 13
  • 101
  • 209
lemon
  • 9,155
  • 7
  • 39
  • 47
  • what's you security sandbox? Try with local trusted as I don't see any issue with crossdomain policy file. – bhups Jan 07 '10 at 09:51
  • I'm using CS4 btw. I've already set its publish settings to `Access network only` and it still doesn't work. – lemon Jan 07 '10 at 23:43
  • Could you post the code that does the request that's failing? – Jacob Jan 15 '10 at 16:55

4 Answers4

2

I'm guessing that it's not loading the policy file automatically. You should try using Security.loadPolicyFile("http://social.yahooapis.com/crossdomain.xml");

Do you have a webproxy installed with which you can monitor what files exactly are loaded? My favorite is Charles but there are also free FF plugins like Httpfox

EDIT: I think I know what's going wrong. It's going wrong the other way around, the swf from yahoo is trying to access your swf, but doesn't have the correct permissions. Would you try

Security.allowDomain( 'http://social.yahooapis.com/' );
Creynders
  • 4,573
  • 20
  • 21
  • Already tried manually loading the policy, still didn't work. Will try that webproxy thing in a few. – lemon Jan 12 '10 at 00:21
  • The files are being loaded no problems there. [http://social.yahooapis.com/crossdomain.xml, YOSSimple.swf, etc]. It says that it loads the SWF first before the XML tho, would that be the problem? – lemon Jan 12 '10 at 06:58
  • No, that's how it should be. BTW, I edited my answer, I think I know what's going wrong. – Creynders Jan 12 '10 at 09:46
  • 1
    Grrr! :-) Then I'm out of ideas... If you do find it, could you post the solution? I'm really curious now! – Creynders Jan 13 '10 at 08:13
  • If I ever do :( but I kinda moved on, I used their PHP SDK instead=..= – lemon Jan 14 '10 at 23:46
  • I think that the argument to allowDomain should be just "social.yahooapis.com." Of course, you could use "*" to check if that's even related to the problem. – Jacob Jan 15 '10 at 17:01
0

http://www.ieinspector.com/httpanalyzer/

use HTTP analyzer to see whats happening?

also check your not missmatching http://www. with http:// because flash treats them as different domains

also are you running the code locally on your machine. It could be your local security settings

acheo
  • 3,106
  • 2
  • 32
  • 57
0

A simple WebProxy will fix this:

<?php
    // PHP Proxy
    // Loads a XML from any location. Used with Flash/Flex apps to bypass security restrictions
    // usage: proxy.php?url=http://mysite.com/myxml.xml

    $session = curl_init($_GET['url']);                    // Open the Curl session
    curl_setopt($session, CURLOPT_HEADER, false);          // Don't return HTTP headers
    curl_setopt($session, CURLOPT_RETURNTRANSFER, true);   // Do return the contents of the call
    $xml = curl_exec($session);                            // Make the call
    header("Content-Type: text/xml");                  // Set the content type appropriately
    echo $xml;        // Spit out the xml
    curl_close($session); // And close the session
?>
Chad Udell
  • 189
  • 8
0

Modify the web proxy example above to support multiple options as follows:

$sOptions = "";

foreach($_GET as $sIndex => $sValue) {
  if ($sIndex == 'url') {
    $url = $sValue;
  } 
  else {
    if (strlen($sIndex) > 0) {
      $sOptions .= "&" . $sIndex;
    }
    if (strlen($sValue) > 0) {
      $sOptions .= "=" . $sValue;
    }
  }
}

$url .= $sOptions;

$session = curl_init($url); // Open the Curl session
1.21 gigawatts
  • 16,517
  • 32
  • 123
  • 231
Michael SIlveus
  • 41
  • 1