Unity LoadImageIntoTexture() doesn't work in WebPlayer

I’m trying to load images from a different website on my game, using www.LoadImageIntoTexture(…), and this works on the desktop and my iPad. Though it doesn’t in the web player. I get the following error:

You are trying to load data from a www stream which had the following error when downloading. Rejected because no crossdomain.xml policy file was found UnityEngine.WWW:LoadImageIntoTexture(Texture2D)

Which explains the problem very clearly, though there’s one weird thing. In the Unity Documentation in “Security Sandbox of the Webplayer” there’s an exceptions part that says:

You are allowed to download images from servers that do not have a crossdomain.xml file. However, the only thing you are allowed to do with these images is use them as textures in your scene. You are not allowed to use GetPixel() on them. You are also no longer allowed to read back from the screen. Both attempts will result in a SecurityException being thrown. The reasoning is here is that it’s okay to download the image, as long as the content developer gets no access to it. So you can display it to the user, but you cannot send the bytes of the image back to some other server.

So this says it IS allowed… What am I doing wrong? Or is this a bug? :s

The link I’m trying to load is: http://deckbox.org/mtg/Ponder/tooltip (Note: if you go to this link, you’ll see a bunch of text, though it is a picture, since it does work in the desktop version of my game.) I also tried this link: http://static.ddmcdn.com/gif/how-to-solve-cat-behavior-problems-2.jpg and this one does work. So there’s a hint at what’s wrong. Lastly, I also tried this link: http://gatherer.wizards.com/Handlers/Image.ashx?name=Ponder&type=card which does give a proper image when opened in your browser, but doesn’t load in the webplayer…

So, I have a vage idea of what’s wrong, though no idea how to fix it. Hope someone here can help.


The web player is designed to enforce some degree of security. If you access a texture, then, as the documentation says, you have permission to fetch it. However, Unity web player needs to know that the file truly is a texture, and that means it needs to be transferred with the correct mime type. If I fetch the headers for the problem texture I get:

HTTP/1.1 200 OK
Date: Fri, 23 Nov 2012 11:08:41 GMT
Server: Apache/2.2.22 (Ubuntu)
Last-Modified: Wed, 26 Sep 2012 10:18:16 GMT
Accept-Ranges: bytes
Content-Length: 31538
Vary: Accept-Encoding
Content-Type: text/html

and this says the file is an html page. So, the security sandbox stops you fetching the page. You could say “well, why can’t the web player fetch the file, and examine it to decide if it’s allowed or not”. We obviously don’t do that because we don’t want to fetch pages that we are not allowed to fetch. The solution is to simply ask the person hosting the image to fix the headers.

In your third example the URL asks the server to send something. It responds with the correct header and an image. It’s irrelevant that the URL doesn’t have an image filename explicitly given. Web servers are infinitely easier to understand if you break the mental connection that URI means folder path and filename.

Also, just because Unity web player fetches images for you does not mean you have permission to use the content. If you are planning on making something that uses images from other companies you may want to seek their approval.

This problem fixed itself. The newest version of unity 3 solved it for me. I still get a warning in the javascript console, though it does load the image.