3 Replies Latest reply on Oct 17, 2007 7:46 AM by TOdd_23523523

    Cross Domain Policy/ Security Error accessing URL

    flexfann
      I'm trying to access XML data from youtube.com using their API's.
      I created a HTTPWebservice but I 'm getting a "Security Error accessing URL".

      When I the swf file as a local file it works but when I run the swf from a http server I'm getting the security error.

      the 2 main lines of code are:
      service = new mx.rpc.http.HTTPService();
      service.url = " http://gdata.youtube.com/feeds/videos?vq='" + search.text + "'";

      It looks like youtube has crossdomain.xml policy file on their servers... Do I need to do something special to load the policy???

      thanks
        • 1. Re: Cross Domain Policy/ Security Error accessing URL
          flexfann Level 1
          I did some more research and it looks like youtube changed their security policy to only allow access from their sites:

          <!-- http://www.youtube.com/crossdomain.xml -->

          <cross-domain-policy>
          <allow-access-from domain="*.youtube.com"/>
          <allow-access-from domain="*.google.com"/>
          </cross-domain-policy>


          I really don't understand this crossdomain thing. For me, this is a deal breaker. I don't want to have to proxy everything through my server because that will make things extremely difficult for me.

          If its things like images and videos, and xml data (ie non swf files) why can't we have direct access to third party data??? Makes no sense to me at all.

          If you think about all the WEB 2.0 stuff out there these days, people are using things like AJAX to pull info from multiple sites and aggregate them into a common app... But with this crossdomain crap it makes it 10x harder and more expensive if you need to proxy everything.... I thought the whole point of Flex was to simplify development!!!!


          It looks like I will not be able to use Flex for this project :(



          • 2. Re: Cross Domain Policy/ Security Error accessing URL
            TOdd_23523523 Level 1
            Maybe YouTube doesn't want you to use their data? This seems to be more of a YouTube use policy than anything.

            Cross-domain exists for a valid reason, to prevent your Flash player from doing evil things, like loading a SWF up, connecting to a server inside your firewall, grabbing some secure documents, then sending them out over the internet, etc....
            • 3. Re: Cross Domain Policy/ Security Error accessing URL
              TOdd_23523523 Level 1
              Oh, an also, you're saying that the Web 2.0 stuff people use AJAX to grap data from multiple sites and aggregrating them....how is this any different than proxying? The data is going through your own server both ways.