Cross domain policy files, or rather a lack of them, are the bane of Flash and Flex developers’ lives. Whether it’s the Twitter API, data from Yahoo! Finance or one of any number of other data sources, the moment your SWF makes it to the web you’re faced with the same problem: Security Error!
The solution is to create a simple proxy on your server that can load the data for you and pass it to your application. If you’re using PHP, then this is about as simple as it gets:
// Too simple! (see comment below) <?=file_get_contents($_REQUEST['url'])?>
<?php $url = $_REQUEST['url']; if (preg_match('/\b(https?|ftp):\/\/*/', $url) !== 1) die; echo (file_get_contents($url)); ?>
The preg_match ensures that the requested URL is valid and offers basic protection against anyone trying to maliciously access files on your server.
That’s it. Just paste that into a text file, save it as proxy.php and upload it to your server. You can then access any data you like simply by passing it a URL. Best of all, it works with both GET and POST, for example: