I’ve recently updated to YUI 2.8.0r4 for a project that was using YUI 2.7. Unfortunately after pointing my script tag to use the newer version of YUI the uploader widget stopped working with the existing code.

As it turns out uploader.swf found in the build directory is broken but uploader.swf found in the examples directory works.

For testing purposes I updated my script to use uploader.swf hosted by YAHOO with the following javascript:

YAHOO.widget.Uploader.SWFURL = "http://developer.yahoo.com/yui/examples/uploader/assets/uploader.swf";

This didn’t work either and since I was no longer hosting uploader.swf on the same domain. The reason for this is best explained by the YUI team:

“The Uploader can only send data to servers in the same security sandbox as the uploader.swf file. If uploader.swf hosted by yui.yahooapis.com is used, then the server must contain a cross-domain permissions file allowing yui.yahooapis.com to upload files. By default, Uploader looks for uploader.swf in the assets directory in the same path as uploader.js, so if you’re loading Uploader from yui.yahooapis.com you will be affected by this issue.”

The solution to this limitation is to create a file called crossdomain.xml in the root of the domain your page using the YUI Uploader is hosted on.

If your domain is www.some-domain.com make sure there is a file available at:
http://www.some-domain.com/crossdomain.xml

The contents of this file in my case are as follows:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
  SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="developer.yahoo.com" />
</cross-domain-policy>

After adding that file I was back on track. Once the build verison of uploader.swf is fixed I’ll have to switch the domain to the usual cdn domain of yui.yahooapis.com and update the url I’ve specified for uploader.swf. In fact you can specify multiple allow-access-from tags to specify multiple domains but I opted not to for simplicity.

See adobe.com’s documentation for crossdomain.xml.

This entry was posted by Jonathan Dart on Thursday, October 29th, 2009 at 12:58 pm and is filed under Web Development. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.