BitmapData.draw (..) fails due to Security sandbox

I am trying to take snapshot of a movieclip which has many children with loaded swf from different sub-domains. Due to security reasons, BitmapData.draw (..) fails, I am wondering, if there is any good workaround for it? I have crossdomain.xml deployed on all sub-domains with right permissions. I can even add Security.allowDomain (..) for SWFs coming from sub-domains but what to do with JPEG/GIF etc?

I would appreciate if someone from Adobe or community can suggest the right-way or a workaround?

I searched about this problem and came to know of following options:-

  • Create a server-side proxy script, host it with your Flash application in same domain. Your Flash application requests all media/assets through this proxy script. f.ex:
  • Keep BitmapData.draw (..) logic inside a separate SWF in form of methods/functions. Host this SWF with media/asset in same domain. Load this SWF in your main Flash application and generate BitmapData through SWF’s functions/methods. I am little concerned about the security, I don’t want to allow this SWF to access code in my main application. If one sided (Main app –> SWF) access can solve the problem, it would be great. I need to test it. But another concern, when you are using load-balancing and assets might be coming from different domains (servers), then problem remains same.

I found this comment on flashforever very useful.

Update (Aug 1, 2007): Chris Chen posted a nice workaround to grab video-screenshots for external (crossdomain) videos. His workaround works for AS3 and AS2. Check out it . BTW! You can see an example here, which takes screen-shot of YouTube video.

Update: It seems there is no way you can draw using BitmapData.draw (..), for media (jpeg, gif, png, flv etc) loading from different domain, in Adobe Flash Player 8 using crossdomain.xml or with a (..) call. This seems to be fixed in Adobe Flash Player 9.