tags:

views:

245

answers:

3
+1  Q: 

AS3: Security sandbox violation

I want to go live with my site.

...but I need help with a security violation I am incurring. I've seen various threads on this forum regarding a crossdomain.xml file to include and link to, but I don't get it... no matter what I try I still end up with the same result. You'll note below that it is not recommended to use crossdomain hacks.

FWIW, this only happens when I export a release build... I can load the php data w/out an issue in my debug/developing phase locally in Flex.

What gives? When I make a PHP based request for data I always get this error popping up:

Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://alubow.com/jml_testing/viewable/alubow_project.swf cannot load data from http://www.alubow.com/jml_testing/foldergrab.php?ipath=assets/bitmap/portrait_thumbs/&tpath=assets/bitmap/portrait_imgs/. at utils.php::DirectoryReader() at alubow_project/newScroller() at alubow_project/mainClickOut()

Is there code I need to add to get this to work? Do I need to configure the server I am using? I will need to go live with this site soon and these errors I am getting both locally and serverside (via a browser) are unacceptable.

COULD THIS BE A PROBLEM WITH THE FLASH PLAYER I HAVE INSTALLED? I have the debugger version of flash player 10.

jml

+1  A: 

I know this is weird but for local files loaded through the flash player you probably just need to hit this page. Then you'll add your swf or your folder of swf's into the whitelist and they'll be able to access outside resources magically.

Chuck Vose  2010-01-04 19:30:01
they are _not_ local files. everything i am loading is on the server, so that is what i don't understand. i also have no idea what is going on with that page... ???
jml  2010-01-04 19:53:35
No, but you're testing your swf locally correct? I know that page is confusing, there's an app at the top where you can add in your swf to the whitelist for network connections. Somehow this gets stored in your computer and makes the problem go away.
Chuck Vose  2010-01-04 21:04:49
I have been testing locally and all is working there. I am now wanting to put the website up online and this seems to be the source of the problem. I mentioned in my post that the problem only occurs when I export a release build. At that point the compiled SWF created runs neither locally or server-side.
jml  2010-01-04 21:28:02
Ah, I understand now. Apologies. I misread the original post.
Chuck Vose  2010-01-04 21:36:50
+2  A: 

The problem is with the www prefix. I guess you are trying to load a page with out the www subdomain and the URL you are looking for does have that prefix.

Now, what you need to do is one of the following:

  • change the request url
  • add both www.yourdomain.com And yourdomain.com to the crossdomain.xml
  • call the url dymanicaly. this is the best solution but needs some more work. you can get it done using ExternalInterface and connection to JS here. OR you can use the BrowserManager.

Enjoy!

yn2  2010-01-04 23:11:53
Cool. Where do I put the crossdomain.xml file? In the root of alubow.com/* or one level up?
jml  2010-01-05 00:04:56
Nevermind. I figured out that it needs to go in the root of mydomain.com/*. Thanks so much for your help, yn2.
jml  2010-01-05 05:21:13
+1  A: 

It may be because your app is requesting from www.alubow.com when hosted from alubow.com, which triggers a request for http://www.alubow.com/crossdomain.xml, which doesn't exist. You could refer to your app as www.alubow.com/jml_testing/viewable/alubow_project.swf and avoid the error.

Alternately, you could add a crossdomain.xml file to www.alubow.com.

justkevin  2010-01-04 23:18:21

related questions

Silverlight vs Flex
Executing JavaScript from Flex: Is this javascript function dangerous?
How To Get Label Of Combobox to Fade In Flex
How do I change the title bar icon in Adobe AIR?
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Flex: does painless programmatic data binding exist?
SoapException: Root element is missing occurs when .NET web service called from Flex
Any recommendations for in-depth Flex training?
How do I restyle an Adobe Flex Accordion to include a button in each canvas header?
Deleting / Replacing A Node in E4X (AS3 - Flex)
How can I "unaccept" a drag in Flex?
Printing Flex components in FireFox 3
Is it possible to add behavior to a non-dynamic ActionScript 3 class without inheriting the class?
How do I get rid of the "multiple describeType entries" warning?
Open local file with AIR / Flex
Flex / Air obfuscation
Adobe Flex component events
Can you access the windows registry from Adobe Air?
Actionscript 3 - Fastest way to parse yyyy-mm-dd hh:mm:ss to a Date object?
Adobe Air - Using multiple SQLite databases at once
How can I unit test Flex applications from within the IDE or a build script?
Best way to learn Flash?
Get the current logged in OS user in Adobe Air
Adobe air - SQLStatement.execute() - Multiple queries in one statement
Unloading a ByteArray in Actionscript 3.