denied due to lack of policy file permissions

I can't get my Yahoo! Application Platform to run I keep getting denied access even though their policy file accepts requests from any domain.

OK: Policy file accepted: http://social.yahooapis.com/crossdomain.xml
Error: Request for resource at http://social.yahooapis.com/v1/user/<user id>/profile?oauth_signature_method=HMAC-SHA1&lang=en-US&oauth_consumer_key=<key>&oauth_token=<long ass token>&oauth_version=1.0&format=json&oauth_nonce=<blah blah>&oauth_timestamp=1262846353&region=US&oauth_signature=<foo bar> by requestor from http://<my domain>/YOSSimple.swf is denied due to lack of policy file permissions.

The url works btw, I editted some stuff out since it has my keys and stuff.

Links to the stuff I'm trying to do

http://developer.yahoo.com/flash/yos/
http://developer.yahoo.com/flash/yos/examples/simple/YOSSimple.fla

YOSSimple properly creates the url actually since if I type it in my browser I'm prompted if I want to download the file that contains inform开发者_C百科ation regarding my profile.

But it just wont open it in Flash.

I'm guessing that it's not loading the policy file automatically. You should try using Security.loadPolicyFile("http://social.yahooapis.com/crossdomain.xml");

Do you have a webproxy installed with which you can monitor what files exactly are loaded? My favorite is Charles but there are also free FF plugins like Httpfox

EDIT: I think I know what's going wrong. It's going wrong the other way around, the swf from yahoo is trying to access your swf, but doesn't have the correct permissions. Would you try

Security.allowDomain( 'http://social.yahooapis.com/' );

http://www.ieinspector.com/httpanalyzer/

use HTTP analyzer to see whats happening?

also check your not missmatching http://www. with http:// because flash treats them as different domains

also are you running the code locally on your machine. It could be your local security settings

A simple WebProxy will fix this:

<?php
    // PHP Proxy
    // Loads a XML from any location. Used with Flash/Flex apps to bypass security restrictions
    // usage: proxy.php?url=http://mysite.com/myxml.xml

    $session = curl_init($_GET['url']);                    // Open the Curl session
    curl_setopt($session, CURLOPT_HEADER, false);          // Don't return HTTP headers
    curl_setopt($session, CURLOPT_RETURNTRANSFER, true);   // Do return the contents of the call
    $xml = curl_exec($session);                            // Make the call
    header("Content-Type: text/xml");                  // Set the content type appropriately
    echo $xml;        // Spit out the xml
    curl_close($session); // And close the session
?>

Modify the web proxy example above to support multiple options as follows:

$sOptions = "";

foreach($_GET as $sIndex => $sValue) {
  if ($sIndex == 'url') {
    $url = $sValue;
  } 
  else {
    if (strlen($sIndex) > 0) {
      $sOptions .= "&" . $sIndex;
    }
    if (strlen($sValue) > 0) {
      $sOptions .= "=" . $sValue;
    }
  }
}

$url .= $sOptions;

$session = curl_init($url); // Open the Curl session