Flickr Flex Application Security Sandbox error 2048

trenzig says:

I have created an app that works fine locally.
Yes, I'm now moving it to a hosted server.
My swf contains

Security.loadPolicyFile('https://farm7.static.flickr.com/crossdomain.xml');

Also

Security.allowDomain(["farm2.static.flickr.com", "farm3.static.flickr.com"...]);
Security.allowDomain(['https://www.flickr.com/services/oauth/']);

Now when my app starts I can see in Fiddler a call to farm7.static.flickr.com/crossdomain.xml

No problem

When I call for a request token I call:-

var loader:URLLoader = new URLLoader();

loader.addEventListener(Event.COMPLETE, onLoadUserId);

At this point I see in Fiddler a call to www.flickr.com/crossdomain.xml

This crossdomain file contains

<cross-domain-policy>
<allow-access-from domain="*.yahoo.com"/>
<allow-access-from domain="*.yimg.com"/>
</cross-domain-policy>

This naturally slams down the shutters and I get the renowned 2048 error
The error it returns is

#2048: Security sandbox violation: www.blahdeBlah.com/FlickrCom/FBC3.swf cannot load data from www.flickr.com/services/oauth/request_token?

What am I doing wrong ?

Should I add Security.allowDomain('www.flickr.com/services/oauth/') in somewhere ?
7:19AM, 6 February 2012 PDT (permalink)

Sam Judson (group administrator) says:

The issue is that the new OAuth endpoints are not on api.flickr.com as are all the other API calls, but on www.flickr.com. So Flickr need to get their act together and sort this out.

As an aside, calling Security.allowDomain() allows the domain to call you, not the other way around.
38 months ago (permalink)

trenzig says:

Thanks for that...ermm is there a work around?

I mean they are supposed to be deprecating the old auth method this spring !
38 months ago (permalink)

Sam Judson (group administrator) says:

Yes, use the old authentication till they get it sorted.

I've just tried this in Silverlight and the same thing happens.
38 months ago (permalink)

trenzig says:

Wow what a way to run a railroad... who is the fat controller we need to contact to flag this up...
38 months ago (permalink)

Sam Judson (group administrator) says:

I suspect they might not be aware of the issue, but who knows.

I posted on the Flickr mailing list a while back about a similar issue, but this one should also get posted there.

Sam
38 months ago (permalink)

Sam Judson (group administrator) says:

The only other alternative would be to pass the call to request_token (and access_token) through a server side proxy.
38 months ago (permalink)

trenzig says:

Yes, I heard about the proxy trick but have only seen PHP examples. My final code however will go on 3 load balancing servers and I'm not sure my company would like to add/manage another dependency to their processes. Especially since Flickr could completely change to OAuth 2.0 as they profess to doing 'shortly'. I think the best bet would be to go back to the 'old established' authentication method.
38 months ago (permalink)

trenzig says:

Do you have an example of a server side proxy ?
38 months ago (permalink)

Sam Judson (group administrator) says:

No, not really. All you need to do though is create a page that accepts a URL as a parameter, and then download that URL and return its contents to the caller. There are plenty of examples out there for most languages.

Here's a simple one in PHP: benalman.com/projects/php-simple-proxy/
38 months ago (permalink)

trenzig says:

Thanks for that I found a .Net one as well :-
omaralzabir.com/fast_streaming_ajax_proxy_with_get_put_po...

Also for those interested in actionscript as well as Oauth for Facebook look at

blog.yoz.sk/2010/04/twitterlogger-class-to-full-twitter-a...

I am interested in a simple .Net proxy tho'.

I don't know if you have used such a technique but if I call for a thousand links they will all come through the proxy....so a streaming proxy might be the best way forward. Once I have the links I should be able to go direct to the flickr server farm. Is this the case ?
38 months ago (permalink)

Sam Judson (group administrator) says:

The only calls you need to make through the proxy are the ones to www.flickr.com - i.e. the OAuth request_token and access_token calls.

Normal API calls, to api.flickr.com will work fine, as they have the correct crossdomain.xml file on that server.

The simplest one for C# I could find was this one: www.sharepointjohn.com/aspnet-proxy-page-cross-domain-req...
38 months ago (permalink)
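
The proxy discussed in this thread, as an added example that is not part of any post and not Flickr's or the linked projects' code: a Python sketch that forwards only the two www.flickr.com OAuth calls named above rather than any URL the caller supplies, and refuses redirects that could lead off that allowlist. The `url` parameter name, the listening address and the 64 KiB response cap are assumptions.

```python
# Added example: allowlisted OAuth proxy. Names, port and size cap are assumptions.
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit, parse_qs
import urllib.request, urllib.error

# Only the two endpoints named in the thread may be fetched.
ALLOWED_HOST = "www.flickr.com"
ALLOWED_PATHS = {"/services/oauth/request_token", "/services/oauth/access_token"}

def is_allowed(target: str) -> bool:
    """True only for https://www.flickr.com/services/oauth/{request,access}_token."""
    try:
        u = urlsplit(target)
        port = u.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    return (u.scheme == "https"
            and u.hostname == ALLOWED_HOST          # exact match, no suffix tricks
            and u.username is None and u.password is None  # no user@host confusion
            and port in (None, 443)
            and u.path in ALLOWED_PATHS)

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # a redirect could leave the allowlist, so refuse to follow
OPENER = urllib.request.build_opener(NoRedirect)

class Proxy(BaseHTTPRequestHandler):
    def do_GET(self):
        target = parse_qs(urlsplit(self.path).query).get("url", [""])[0]
        if not is_allowed(target):
            return self.send_error(403, "target not allowed")
        try:
            with OPENER.open(target, timeout=10) as resp:
                status, body = resp.status, resp.read(65536)
        except urllib.error.HTTPError as e:   # upstream 3xx/4xx/5xx: relay as-is
            status, body = e.code, e.read(65536)
        except OSError:                       # DNS, TLS or timeout failure
            return self.send_error(502, "upstream fetch failed")
        self.send_response(status)
        self.send_header("Content-Type", "text/plain; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Proxy).serve_forever()
```
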

trenzig says:

Sam,

Thanks for this I'll give it a go.

Once again many thanks for your efforts
38 months ago (permalink)
