trenzig 3:19pm, 6 February 2012
I have created an app that works fine locally.
Yes, I'm now moving it to a hosted server.
My swf contains

Security.loadPolicyFile('https://farm7.static.flickr.com/crossdomain.xml'
Also

Security.allowDomain([ farm2.static.flickr.com".farm3.static.flickr.com"...]);
Security.allowDomain(['https://www.flickr.com/services/oauth/']);



Now when my app starts I can see in fiddler a call to farm7.static.flickr.com/crossdomain.xml

No problem

when I call for a request token I call:-

var loader:URLLoader = new URLLoader();

loader.addEventListener(Event.COMPLETE, onLoadUserId);

At this point I see in Fiddler a call to [www.flickr.com/crossdomain.xml ]

This crossdomain file contains

cross-domain-policy
allow-access-from domain="*.yahoo.com"
allow-access-from domain="*.yimg.com"

cross-domain-policy


This naturally slams down the shutters and I get the renowned 2048 error
The error it returns is

#2048: Security sandbox violation: www.blahdeBlah.com/FlickrCom/FBC3.swf cannot load data from www.flickr.com/services/oauth/request_token?

What am I doing wrong ?

Should I add Security.allowDomain(www.flickr.com/services/oauth/') in somewhere ?
admin
Sam Judson PRO 4 years ago
The issue is that the new OAuth endpoints are not on api.flickr.com as are all the other API calls, but on www.flickr.com. So Flickr need to get there act together and sort this out.

As an aside, calling Security.allowDomain() allows the domain to call you, not the other way around.
trenzig 4 years ago
Thanks for that...ermm is there a work around?

I mean they are supposed to be deprecating the old auth method this spring !
admin
Sam Judson PRO 4 years ago
Yes, use the old authentication till they get it sorted.

I've just tried this in SIlverlight and the same thing happens.
trenzig 4 years ago
Wow what a way to run a railroad... whose is the fat controller we need to contact to flag this up...
admin
Sam Judson PRO 4 years ago
I suspect they might not be aware of the issue, but who knows.

I posted on the Flickr mailing list a while back about a similar issue, but this one should also get posted there.

Sam
admin
Sam Judson PRO 4 years ago
The only other alternative would be to pass the call to request_token (and access_token) through a server side proxy.
trenzig 4 years ago
Yes, I heard about the proxy trick but have only seen php examples. My final code however will go on 3 load balancing servers and i'm not sure my company would like to add/manage another dependency to their processes. Especially since Flickr could completely change to oauth 2.0 as they profess to doing 'shortly'. I think the best bet would be to go back to the 'old established' authentication method.
trenzig 4 years ago
Do you have an example of a server side proxy ?
admin
Sam Judson PRO 4 years ago
No, not really. All you need to do though it create a page that accepts a URL as a parameter, and then download that URL and return its contents to the caller. There are plenty of examples out there for most languages.

Here's a simple one in PHP: benalman.com/projects/php-simple-proxy/
trenzig 4 years ago
Thanks for that I found a .Net one as well :-
omaralzabir.com/fast_streaming_ajax_proxy_with_get_put_po...

Also for those interested in actionscript as well as Oauth for Facebook look at

blog.yoz.sk/2010/04/twitterlogger-class-to-full-twitter-a...

I am interested in a simple .Net proxy tho'.

I don't know if you have used such a technique but if I call for a thousand links they will all come through the proxy....so a streaming proxy might be the best way forward. Once I have the links I should be able to go direct to the flickr server farm. Is this the case ?
admin
Sam Judson PRO 4 years ago
The only calls you need to make through the proxy are the ones to www.flickr.com - i.e. the OAuth request_token and access_token calls.

Normal API calls, to api.flickr.com will work fine, as they have the correct crossdomain.xml file on that server.

The simplest one for C# I could fine was this one: www.sharepointjohn.com/aspnet-proxy-page-cross-domain-req...
trenzig 4 years ago
Sam,

Thanks for this Ill give it a go.

Once again many thanks for your efforts
Groups Beta