AS3 LoadPolicyFile函数也适用于远程swfs吗？

Question

I have a swf one one server that is pulling content from an Amazon S3 server. I have set up, for now, a generic cross-domain policy to allow all domains access:

On the server containing the swf:

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM
  "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="*" />
</cross-domain-policy>

On the S3 server:

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM
  "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only" />
  <allow-access-from domain="*" />
  <allow-http-request-headers-from domain="*" 
    headers="SOAPAction" />
</cross-domain-policy>

These seem to be playing nicely (for the most part) as my swf is loading json, xml, etc. files from the S3 server just fine now. What it's not doing right is loading swfs from the S3 server, when it tries to do that it throws this exception:

SecurityError: Error #2121: Security sandbox violation: Loader.content: s3.amazonaws.com/bucket_name/swfs/foo.swf cannot access s3.amazonaws.com/bucket_name/data/swfs/bar.swf. This may be worked around by calling Security.allowDomain.

I assume this is because remote swfs could contain malicious executable code. Do I actually need to set the allowDomain to something or is there some other 'more correct' way of allowing my swf to load up other remote swfs?

Answer 1

Make sure you're using the bucket name as the subdomain for both the Policy file loading, and every file / URL request.

Solution:

http://onegiantmedia.com/cross-domain-policy-issues-with-flash-loading-remote-data-from-amazon-s3-cloud-storage

Answer 2

I've answered a similar question here:

https://stackoverflow.com/a/9547996/579230

In addition, if your crossdomain.xml is in place, you can just do loaderContext.checkPolicyFile = true instead of loading the file explicitly.