"No active security context" error even with the setTimeout trick?

I have this code that is supposed to pull a thumbnail image from a remote server and return it to be displayed in Flex. Unfortunately my code is throwing "No active security context" errors.

After searching I saw a trick with setTimeout that is supposed to fix this, but it isn't working for me. What am I doing wrong?

Here is the Code in Flex 4.0 (Note: File is a custom class)

public function getThumbnail(file:File, callBack:Function):void
{
  // only for image files
  if (file.mimeType.indexOf("image") > -1) {
    var loader:Loader = new Loader();
    // create request
    var urlVars:URLVariables = new URLVariables();
    urlVars.id = file.id;
    var req:URLRequest = new URLRequest(THUMBNAIL_URL);
    req.data = urlVars;
    setTimeout(
      function():vo开发者_如何学编程id {
        loader.load(req);
      }, 1);
    // set load handler
    loader.contentLoaderInfo.addEventListener(Event.COMPLETE,
      function(event:Event):void
      {
        var thumbnail:Image = new Image();
        thumbnail.source = event.currentTarget.content;
        callBack(thumbnail);
      });
    }
}

Update I placed this in my application.mxml

Security.allowDomain("*");
Security.allowInsecureDomain("*");
Security.loadPolicyFile("http://localhost:8080/crossdomain.xml");

And I modified the code in my action script file to

public function getThumbnail(file:File, callBack:Function):void
{
  // only for image files
  if (file.mimeType.indexOf("image") > -1) {
    var loader:Loader = new Loader();
    // create request
    var urlVars:URLVariables = new URLVariables();
    urlVars.id = file.id;
    var req:URLRequest = new URLRequest(THUMBNAIL_URL);
    req.data = urlVars;
    var context:LoaderContext = new LoaderContext(true);
    loader.load(req);
    // set load handler
    loader.contentLoaderInfo.addEventListener(Event.COMPLETE,
      function(event:Event):void
      {
        var thumbnail:Image = new Image();
        thumbnail.source = event.currentTarget.content;
        callBack(thumbnail);
      });
    }
}

I had to modify my server.xml on my J2EE backend to get the crossdomain.xml to show up at the root.

My crossdomain.xml looks like this:

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

    <!--This domain can accept the SOAPAction header from a SWF file from www.example.com -->

    <site-control permitted-cross-domain-policies="all" />

    <allow-access-from domain="*" secure="false" />

    <allow-http-request-headers-from
        domain="*" headers="SOAPAction" />

</cross-domain-policy>

I still get the "No active security context" error in Firefox with the debug version of Flash Player.

If I remember correctly (Security policies are a bit of a quagmire in Flash), The Loader class does not check the CrossDomain policy file when loading images. You can instruct it to do so by passing your own LoaderContext instance to loader.load(), for example:

loader.load(urlRequest, new LoaderContext(true));

I don't think you need to use setTimeout in your code; I've not heard of this practice and I'm not sure what it would achieve (other than delaying the load call by 1 ms :)

It may be as simple as loading the cross domain policy from the website you're pulling thumbnails from.

Security.allowDomain("*");
Security.allowInsecureDomain("*");
Security.loadPolicyFile("http://domain.com/crossdomain.xml");

I can't find the link anymore, but there was a bug with version 10.2 of Flash with debugging. I recently upgraded to version 10.3 with the debugger and I no longer get this error.