tags:

views:

2327

answers:

1
Q: 

Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation:

I have created a crosdomain policy file, I have added code to my flex app, and I still get security sandbox violation...have I done something wrong? Here are my errors and file snippets:

Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://mysite.com/folder1/folder2/media/swf_demo.swf cannot load data from http://mysite.com/folder1/folder2/media/locXML.xml.

swf_demo.swf is my flex application

The following lines have been added to my flex application:

Security.allowDomain("mysite.com");
Security.allowDomain("www.mysite.com");
Security.allowDomain("http://mysite.com/folder1/folder2/media/locXML.xml");

During my init() function, my first line reads:

Security.loadPolicyFile("http://mysite.com/crossdomain.xml");

Here is my crossdomain.xml:

<?xml version="1.0" encoding="utf-8"?>
<cross-domain-policy>
<allow-access-from domain="www.mysite.com" secure="false"/>
</cross-domain-policy>

why is it throwing this error? I have to be doing something wrong...

+1  A: 

www.mysite.com and mysite.com are different sites when it comes to crossdomain security. If your SWF is on the same site as your data then your don't need a crossdomain.xml policy. I would recommend redirecting users from mysite.com to www.mysite.com so that then everything would come from the same site and no policy file would be needed.

James Ward  2010-02-27 20:43:49
James I actually do have a redirect on my site right now. When you type mysite.com it redirects you to mysite.com/folder1/demo/demo.htm could this have something to do with it?
Phil  2010-02-28 18:35:31
In the error message above are the domain names accurate? A SWF loaded from mysite.com should always be able to access data on mysite.com without any crossdomain policy files.Also, you should remove the Security.allowDomain lines from your app. They don't do anything in this context and could open you to security vulnerabilities.
James Ward  2010-03-01 12:14:11

related questions

Silverlight vs Flex
Executing JavaScript from Flex: Is this javascript function dangerous?
How To Get Label Of Combobox to Fade In Flex
How do I change the title bar icon in Adobe AIR?
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Flex: does painless programmatic data binding exist?
SoapException: Root element is missing occurs when .NET web service called from Flex
Any recommendations for in-depth Flex training?
How do I restyle an Adobe Flex Accordion to include a button in each canvas header?
Deleting / Replacing A Node in E4X (AS3 - Flex)
How can I "unaccept" a drag in Flex?
Printing Flex components in FireFox 3
Is it possible to add behavior to a non-dynamic ActionScript 3 class without inheriting the class?
How do I get rid of the "multiple describeType entries" warning?
Open local file with AIR / Flex
Flex / Air obfuscation
Adobe Flex component events
Can you access the windows registry from Adobe Air?
Actionscript 3 - Fastest way to parse yyyy-mm-dd hh:mm:ss to a Date object?
Adobe Air - Using multiple SQLite databases at once
How can I unit test Flex applications from within the IDE or a build script?
Best way to learn Flash?
Get the current logged in OS user in Adobe Air
Adobe air - SQLStatement.execute() - Multiple queries in one statement
Unloading a ByteArray in Actionscript 3.