- Home /
Security Policy conflicts with non-crossdomain textures
I am making a game that utilizes GetPixel to build a billboard for 3D object. It worked fine with Unity2.x but now that I'm trying to upgrade the engine to Unity3 it began to conflict with the cross domain policy.
The problem is that I am downloading some external images for GUI usage -- to be more specific user photos from Facebook. I DO NOT utilize these in making billboards -- I use it only for GUI and no 3D object uses them. Yet I'm getting an exception when calling GetPixel using the render target texture. The exception message is as followed:
System.Security.SecurityException: Reading from the screen is not allowed when you have used a downloaded texture without proper crossdomain.xml authorization
Shouldn't unity check whether textures without crossdomain.xml are actually used for the scene rendering and generate such exception? Is there any workaround for this kind of problem?
I would appreciate any comments. Thanks!
I'm co$$anonymous$$g up against this too. I've been assu$$anonymous$$g that it's because Unity can't be sure of the ultimate source of screen data so once you've downloaded something that's potentially risky it forbids all such operations. But if that's not the case and there is some kind of workaround it'd be extremely handy!
Answer by tw1st3d · Jul 10, 2013 at 03:14 PM
I'm not finding a whole lot on the subject, but it looks like you need to write the .xml file. A small example of a fix is provided below.
sys.puts( "policy file requested\n");
socket.write("<cross-domain-policy>\n");
socket.write('<allow-access-from domain="*" to-ports="*" />\n');
socket.write("</cross-domain-policy>\n");
Thanks. Obviously (and I guess in the OP Joon's case) one doesn't always have access to the server which needs to be hosting the crossdomain.xml. I'm in the process of trying to get it hosted by my 3rd party which would be the "right" solution.
But this UnityAnswers question was the only thing I found referencing the issue hence my resurrecting it with my comment above. For the sake of fuller understanding, I'd be really interested if anyone's able to confirm WHY Unity appears to need to deny all such operations as soon as you download an image without the crossdomain policy (it does so even if I destroy the downloaded texture immediately after downloading it).