Hi, we have a flex app that allows users to upload their photos, either from files, or from snapshots taken from their web cam. It works fine in Flash 9, but we're running into a security problem in flash 10, and I'm wondering if anyone can help clarify.
The file-based uploads use FileReference.upload(), which creates the necessary multipart request. It works fine in flash 10.
With the webcam-based uploads, there's no file, just the captured bitmap data. So we encode the bitmapdata using JPEGEncoder, and create a multipart request ourselves using URLRequest. As of flash 10, this request started failing.
Looking at the http traffic, our handrolled multipart request looks nearly identical to the one generated by FileReference.upload().
As for policy files: we have a master policy file at a.domain.com/cross-domain.xml, which allows access from b.domain.com. Our swf lives in b.domain.com. The images it is uploading originate from its own sandbox, b.domain.com, so that should be fine. When it attempts to upload the image(s) to a.domain.com, we get 'Security Sandbox Violation: connection to a.domain.com not permitted from swf on b.domain.com', ONLY when the images came from the webcam, not from a file.
Can anyone help shed light on the situation? Any ideas appreciated.
It seems probbably flash player is unable to locate policy file . Please double check that crossdomain.xml is located at the root of your server not in sub domain.