[FLEX-20711] [Flash Player] Security sandbox violation while trying to display two or more youtube videos simultaneously - ASF JIRA

Attach files

Attach Screenshot

Add vote

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: Adobe Flex SDK Previous
Fix Version/s: None
Component/s: mx: SWFLoader
Labels:
None
Environment:
Affected OS(s): All OS Platforms
Language Found: English

Description

Steps to reproduce:
1. Create an mxml application:

<?xml version="1.0" encoding="utf-8"?>
<mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute" initialize="initHandler(event)">

<mx:Script>
<![CDATA[
import mx.events.FlexEvent;

private function initHandler(event:FlexEvent):void

{ Security.loadPolicyFile("http://www.youtube.com/crossdomain.xml"); Security.loadPolicyFile("http://s.ytimg.com/crossdomain.xml"); }

]]
>
</mx:Script>

<mx:SWFLoader source="http://www.youtube.com/v/VhmF4pKskvw" />

<mx:SWFLoader source="http://www.youtube.com/v/QI1FMoIFd_A" />

</mx:Application>

2. Run
3.

Actual Results:
Displays only one video, instead of two.

Displays the following debug console output:

Warning: Domain s.ytimg.com does not specify a meta-policy. Applying default meta-policy 'master-only'. This configuration is deprecated. See http://www.adobe.com/go/strict_policy_files to fix this problem.

Warning: Domain www.youtube.com does not specify a meta-policy. Applying default meta-policy 'master-only'. This configuration is deprecated. See http://www.adobe.com/go/strict_policy_files to fix this problem.

[SWF] Users:dmitry:Documents:workspace:youtube:bin-debug:youtube.swf - 652,356 bytes after decompression
[SWF] /swf/l.swf - 7,581 bytes after decompression
[SWF] /swf/l.swf - 7,581 bytes after decompression
[SWF] /yt/swf/cps-vfl84386.swf - 484,113 bytes after decompression

- - Security Sandbox Violation ***
    SecurityDomain 'http://s.ytimg.com/crossdomain.xml' tried to access incompatible context 'http://www.youtube.com/crossdomain.xml'
    Warning: Domain i2.ytimg.com does not specify a meta-policy. Applying default meta-policy 'master-only'. This configuration is deprecated. See http://www.adobe.com/go/strict_policy_files to fix this problem.

In case both calls to Security.loadPolicyFile are removed debug console output as follows:

[SWF] Users:dmitry:Documents:workspace:youtube:bin-debug:youtube.swf - 652,226 bytes after decompression
[SWF] /swf/l.swf - 7,581 bytes after decompression
[SWF] /yt/swf/cps-vfl84386.swf - 484,113 bytes after decompression

- - Security Sandbox Violation ***
    SecurityDomain 'http://s.ytimg.com/yt/swf/cps-vfl84386.swf' tried to access incompatible context 'http://www.youtube.com/swf/l.swf?swf=http%3A//s.ytimg.com/yt/swf/cps-vfl84386.swf&video_id=QI1FMoIFd_A&rel=1&eurl=&iurl=http%3A//i2.ytimg.com/vi/QI1FMoIFd_A/hqdefault.jpg&sk=Fhbgj109Emcx8EmZlxkWYEURFs5fDtpSC&cr=US&avg_rating=4.86842105263&length_seconds=288&allow_ratings=1&title=An%20Irish%20Weaver%27s%20Rugged%20Remote%20Life'
    Warning: Domain i2.ytimg.com does not specify a meta-policy. Applying default meta-policy 'master-only'. This configuration is deprecated. See http://www.adobe.com/go/strict_policy_files to fix this problem.

[SWF] /swf/l.swf - 7,581 bytes after decompression

The main difference here is that in the line after **Security Sandbox Violation** crossdomain policy file URLs are replaced with the actual SWF URLs

It seems that security exception prevents second (and any subsequent) video(s) from being loaded.

Expected Results:
Should not raise security sandbox violation exception, both servers (http://www.youtube.com/crossdomain.xml and http://s.ytimg.com/crossdomain.xml) has appropriate crossdomain policy files. Should display two videos, not one.

Workaround (if any):
none