Details
-
Bug
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
Adobe Flex SDK Previous
-
None
-
None
-
Affected OS(s): All OS Platforms
Language Found: English
Description
Steps to reproduce:
1. Create an mxml application:
<?xml version="1.0" encoding="utf-8"?>
<mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute" initialize="initHandler(event)">
<mx:Script>
<![CDATA[
import mx.events.FlexEvent;
private function initHandler(event:FlexEvent):void
{ Security.loadPolicyFile("http://www.youtube.com/crossdomain.xml"); Security.loadPolicyFile("http://s.ytimg.com/crossdomain.xml"); } ]]
>
</mx:Script>
<mx:SWFLoader source="http://www.youtube.com/v/VhmF4pKskvw" />
<mx:SWFLoader source="http://www.youtube.com/v/QI1FMoIFd_A" />
</mx:Application>
2. Run
3.
Actual Results:
Displays only one video, instead of two.
Displays the following debug console output:
Warning: Domain s.ytimg.com does not specify a meta-policy. Applying default meta-policy 'master-only'. This configuration is deprecated. See http://www.adobe.com/go/strict_policy_files to fix this problem.
Warning: Domain www.youtube.com does not specify a meta-policy. Applying default meta-policy 'master-only'. This configuration is deprecated. See http://www.adobe.com/go/strict_policy_files to fix this problem.
[SWF] Users:dmitry:Documents:workspace:youtube:bin-debug:youtube.swf - 652,356 bytes after decompression
[SWF] /swf/l.swf - 7,581 bytes after decompression
[SWF] /swf/l.swf - 7,581 bytes after decompression
[SWF] /yt/swf/cps-vfl84386.swf - 484,113 bytes after decompression
-
-
- Security Sandbox Violation ***
SecurityDomain 'http://s.ytimg.com/crossdomain.xml' tried to access incompatible context 'http://www.youtube.com/crossdomain.xml'
Warning: Domain i2.ytimg.com does not specify a meta-policy. Applying default meta-policy 'master-only'. This configuration is deprecated. See http://www.adobe.com/go/strict_policy_files to fix this problem.
- Security Sandbox Violation ***
-
In case both calls to Security.loadPolicyFile are removed debug console output as follows:
[SWF] Users:dmitry:Documents:workspace:youtube:bin-debug:youtube.swf - 652,226 bytes after decompression
[SWF] /swf/l.swf - 7,581 bytes after decompression
[SWF] /yt/swf/cps-vfl84386.swf - 484,113 bytes after decompression
-
-
- Security Sandbox Violation ***
SecurityDomain 'http://s.ytimg.com/yt/swf/cps-vfl84386.swf' tried to access incompatible context 'http://www.youtube.com/swf/l.swf?swf=http%3A//s.ytimg.com/yt/swf/cps-vfl84386.swf&video_id=QI1FMoIFd_A&rel=1&eurl=&iurl=http%3A//i2.ytimg.com/vi/QI1FMoIFd_A/hqdefault.jpg&sk=Fhbgj109Emcx8EmZlxkWYEURFs5fDtpSC&cr=US&avg_rating=4.86842105263&length_seconds=288&allow_ratings=1&title=An%20Irish%20Weaver%27s%20Rugged%20Remote%20Life'
Warning: Domain i2.ytimg.com does not specify a meta-policy. Applying default meta-policy 'master-only'. This configuration is deprecated. See http://www.adobe.com/go/strict_policy_files to fix this problem.
- Security Sandbox Violation ***
-
[SWF] /swf/l.swf - 7,581 bytes after decompression
The main difference here is that in the line after **Security Sandbox Violation** crossdomain policy file URLs are replaced with the actual SWF URLs
It seems that security exception prevents second (and any subsequent) video(s) from being loaded.
Expected Results:
Should not raise security sandbox violation exception, both servers (http://www.youtube.com/crossdomain.xml and http://s.ytimg.com/crossdomain.xml) has appropriate crossdomain policy files. Should display two videos, not one.
Workaround (if any):
none