*** Security Sandbox Violation *** when calling a You Tube video

Similar Messages

• Security Sandbox Violation when calling a remote service from a worker

  From my application, I make calls to a BlazeDS server, that works fine.
  I added a worker that calls the same services on the same server. But then, only for the calls from the worker, I have a Security Sandbox Violation error. I launch the application from FB in debug mode.
  This is the message :
  Error: [strict] Ignoring policy file at http://xxxxxxxxxxxx/crossdomain.xml due to incorrect syntax.  See http://www.adobe.com/go/strict_policy_files to fix this problem.
  *** Security Sandbox Violation ***
  Connection to http://xxxxxxxxxxxxxx/appstore-admin/messagebroker/amfpolling halted - not permitted from file:///D:/Projects/appstoreClientsNext/MultiAppstoreAdmin/bin-debug/MultiAppstoreAdmin.swf
  Error: Request for resource at http://xxxxxxxxxxxxx/appstore-admin/messagebroker/amfpolling by requestor from file:///D:/Projects/appstoreClientsNext/MultiAppstoreAdmin/bin-debug/MultiAppstoreAdmin.swf is denied due to lack of policy file permissions.
  What should I do to allow the worker to make remote calls ?

  I made some progress on this. There are two different cases :
  1) The service you want to access has a crossdomain.xml file
  All the workers can access the service without a problem.
  2) The service you want to access doesn't have a crossdomain.xml file
  Whether you launch from FB in debug mode or you put your application on the same server you are trying to access, only the primordial worker will access the service, the other workers will encounter a security error.
  I believe this is a bug. Shouldn't a worker have the same access privileges as the primordial worker ?

• Security Sandbox Violation when trying to open new window

  Hi guys
  I have a flash button that I would like to open a new window
  of a specific size when clicked. I found some code on a thread at
  flashkit and tried that out, but when testing in flash I get the
  following message:
  *** Security Sandbox Violation ***
  Connection to javascriptopenNewWindow('
  http://www.designlogic.com.ph/assets/Web_pages/tropicanacomp.gif','height=500,width=500,to p=10,left=100,toolba
  r=no,scrollbars=yes') halted - not permitted from
  file:///C|/Users/James/Graphics/Websites/Design%20Logic/Raw%5FImages/Flash/flashbuttons/G allery%20icons/webPagesIcons/Tropicana1.swf
  Here is the code I inserted into the actionscript:
  on (release) {
  getURL("javascriptopenNewWindow('
  http://www.designlogic.com.ph/assets/Web_pages/tropicanacomp.gif','height=500,width=500,to p=10,left=100,toolba
  r=no,scrollbars=yes') ");
  I also tried steamrolling ahead and testing it from
  dreamweaver after inserting the flash onto my page, but it doesn't
  fucntion. No surprises there.
  Would really appreciate it if someone could help me out with
  this.

  Oh its AS 2.0 by the way :)

• Security sandbox violation when URL doesn't have 'www'

  I am loading an external swf file from the same domain into my main flash movie using an absolute path: "http://www.sitename.com/movie.swf". The problem is that when someone goes to the site without the 'www' in the address: "http://sitename.com" - the movie throws a sandbox error upon trying to load the 2nd movie.
  I have a crossdomain in place set to: <allow-access-from domain="*" secure="false"/>.
  I also have: Security.allowDomain("*"); in the document class of the main movie.
  I realize I could use a relative path to load the movie instead of the absolute path, but shouldn't the cross domain file and/or the allowDomain command take care of the security issues? Is there another workaround besides the relative path?
  Thanks,
  Amanda

  The crossdomain should work.  Check to make sure you have it set up properly.
  Another workaround is to use the LocalConnection class to grab the current domain.  We do this at my company, where we distribute files out to the local server of the branch.
  import flash.net.LocalConnection;
  var lc:LocalConnection = new LocalConnection();
  var myIP:String = lc.domain();
  var pathToLoad = "http://"+myIP+"/movie.swf";

• When viewing a you tube video on Firefox in the desk top mode there was a gear to regulate the video speed. Why did this gear disappear?

  I am using a Samsung Galaxy 4 pad and need to slow down youtube videos to learn dance steps and now can no longer use it on html5 videos. What happened?

  Hi Deeschlet,
  I have tested the HTML5 video player in desktop mode in Firefox and I also do not have this feature. What version of Firefox did you see this feature in?
  If I long tap on the player it will ask to show controls. Then long tapping again there is Play, Pause, Save Video, Full Screen and Mute.
  Was there an add on that you used this with in the past?

• Flash CS5.5: Loading XML-file causes a "Security Sandbox Violation"

  Hi,
  after upgrading from CS3 to CS5.5, i get a "Security Sandbox Violation" when loading a XML-file. With CS3 everything was fine, but now my file is not working any more. The XML-file and my SWF-file are stored in the same directory and it nether work local nor on the webserver.
  I don't know the correct message in english, but flash tells me something like:
  "Security Sandbox Violation"
  access to file:[]data.xml disconnent - not allowed from file:[]myfile.swf
  Why am I not allowed to load an XML-file from the same directory/domain any more? And how can I get my data into my flash-File now?
  It doesn't seems to be a Flash-Player-Problem, because an older version with the same code still works. So the problem has to be located in Flash CS5.5
  Can anybody help me? Thanks a lot!
  Sonja

  Please ask such questions on the product specific forums. It is highly doubtful that anyone wil lsee it here.
  Mylenium

• This bug has been around for over a year: SecurityError: Error #2123: Security sandbox violation

  Hi,
  The bug of 'SecurityError: Error #2123: Security sandbox violation: BitmapData.draw: file:///xxx/xxx.swf cannot access rtmfp://fms4.acrobat.com/cocomo/na2-sdk-xxx/xxx. No policy files granted access.' was first reported in lccs forum over a year ago:
  http://forums.adobe.com/message/2803074
  But the bug is still around. The bug can be generated by calling BitmapData.draw() on a flash.media.Video object which is attached to a p2p stream. It looks like the solution is to have the publisher to call:
  send("|RtmpSampleAccess", true, true)
  on the NetStream object _before_ the subscriber calls NetStream.play(), in order to give the permission to subscribers for audio and video streams.
  In lccs library, the above permission authorisation happens in WebcamPublisher:
  protected function onNetStatus(p_evt:NetStatusEvent):void
  if (p_evt.info.code=="NetStream.Connect.Success") {
  setTimeout(sendSnapShotPermission, 500);
  _stream.send("|RtmpSampleAccess", true, true);
  protected function sendSnapShotPermission():void
  _stream.send("|RtmpSampleAccess", true, true);
  but it doesn't help the problem. In fact, it is not clear to me when this 'snap shot permission' is sent to the subscriber.
  One more note: This is not a critisism for the lccs development quality, but rather a question on how ready lccs is for production use. After encountering this bug, I had to go through the lccs code (the open source parts), and found out that the library is not really written, well, carefully, and it is full of temporary quick-n-dirty fixes.
  For instance in the above example, sendSnapShotPermission() is called after 500 milliseconds, probably to allow something to happen before calling the method, but how can you be sure that it will happen in 500 milliseconds? Probably,an event listener should have been used. Immediately in the next line, we see:
  _stream.send("|RtmpSampleAccess", true, true);
  which is a duplicate of sendSnapShotPermission(). many examples like this can be found throughout the library.
  Aureliano

  Hi Nigel,
  Two questions:
  1. When the publisher sends the access permission to the subcriber by:
  netStream.send("|RtmpSampleAccess", true, true)
  , on the subscriber side, what event or function can handle the guaranteed receipt of the access permission? Currently it is possible to draw the incoming stream video upon receiving NetStream.Play.Star and waiting for 5 seconds or so:
  public class MyWebcamSubscriber extends WebcamSubscriber {
  override protected function layoutCameraStreams():void
  // trying the event listener seems to work here.
  _streamManager.addEventListener(NetStatusEvent.NET_STATUS, onNetStatus);
  override protected function onNetStatus(e:NetStatusEvent):void
  super.onNetStatus(e);
  case "NetStream.Play.Start":
  setTimeout(function():void {
  // draw the video from the incoming stream here.
  }, 5000);
  The questions is, which event can let the subscriber know that it has the access permission to the video stream?
  2. In WebcamPublisher, why is that the access permission is sent 3 times?
  a. Once on receiving NetStream.Connect.Success with 0.5 second delay, as in below.
  b. Once immediately upon receiving NetStream.Connect.Success, as in below.
  protected function onNetStatus(p_evt:NetStatusEvent):void
  if (p_evt.info.code=="NetStream.Connect.Success") {
  setTimeout(sendSnapShotPermission, 500);
  _stream.send("|RtmpSampleAccess", true, true);
  protected function sendSnapShotPermission():void
  _stream.send("|RtmpSampleAccess", true, true);
  c. Once in onConnectionTypeChange() with 2 seconds delay:
  protected function onConnectionTypeChange(p_evt:StreamEvent):void
  if ( _streamManager.isP2P) {
  _stream= new NetStream(_connectSession.sessionInternals.session_internal::connection as NetConnection,NetStream.DIRECT_CONNECTIONS);
  setTimeout(sendSnapShotPermission, 2000);

• Security Sandbox Violation Crashes Photoshop

  ====================================================
  Problem:
  ====================================================
  I have a Photoshop extension whose main app launches a popup window, and that popup window displays an image via a HTTP source and it has a custom event.  When a button click dispatches that custom event, and that event listener opens a local file on the system, Photoshop crashes after a Security Sandbox Violation.
  I am building a demo that incorporates LiveCycle DataServices and ColdFusion to synchronize data between a web application and the extension.  Part of the application includes previewing images from the extension over HTTP.  However, to open the image in PS after viewing the preview, I use the Photoshop DOM method open(filePath) which accesses the local file system.
  The problem seems to be that network access and local file access are mutually exclusive in Flash/Flex.  If I use the -use-network=false compiler option, then the image will open properly via the DOM, but then I would not be able to preview the images over HTTP.
  Questions:
  1) Is there a way in the CS SDK to enable *both* local file system access *and* network access?
  2) If not, then can you suggest a workaround?
  3) Would you agree that this would be a defect in Photoshop and that PS should not crash upon a Flash Player security exception?
  Thank you,
  Steven Erat
  ====================================================
  Environment
  ====================================================
  Photoshop CS5 Extended 12.01 x32
  Flash Builder 4
  CS SDK 1.02
  Extension Builder SDK 3.4
  MacBook Pro / OS X 10.5 / Intel Core 2 Duo 2.66 GHz / Procs: 1 / Cores: 2 / Memory: 8 GB
  App configured for Photoshop CS5 and Photoshop CS5 Extended
  ====================================================
  NewsAgencyPhotos.mxml (the main app)
  ====================================================
  <?xml version="1.0" encoding="utf-8"?>
  <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" xmlns="com.stevenerat.news.*"
                  horizontalScrollPolicy="off" verticalScrollPolicy="off" verticalGap="0"
                  layout="vertical" horizontalAlign="left"  backgroundColor="#353535"
                  historyManagementEnabled="false"
                  creationComplete="getPhotos();">
      <mx:Script>
          <![CDATA[
                ...            public var selectedPhoto:String;
              public function handlePhotoClick(data:Object):void {
                  var PreviewImageWindow:PreviewImage = PreviewImage(PopUpManager.createPopUp(this,PreviewImage,true));
                  var filePath:String = data.dirPath + data.fileName;
                  PreviewImageWindow.addEventListener("openImageEvent",handleImageOpenEvent);
                  PreviewImageWindow.setFileName(data.fileName);
                  PreviewImageWindow.setFilePath(filePath);
                  PreviewImageWindow.y = 0;
                  PreviewImageWindow.x = 0;
              private function handleImageOpenEvent(event:Event):void{
                  dump(event);
              public function dump(obj:Object):void{
                  trace(mx.utils.ObjectUtil.toString(obj));
  ====================================================
  PreviewImage.mxml (the popup)
  ====================================================
  <?xml version="1.0" encoding="utf-8"?>    
  <mx:TitleWindow xmlns:mx="http://www.adobe.com/2006/mxml"  title="Preview Image"
      creationComplete="init();">
      <mx:Metadata>
          [ Event( name="openImageEvent", type="flash.events.Event") ]
      </mx:Metadata>
      <mx:Script>
          <![CDATA[ 
              public function init():void{
                  this.title = 'Previewing:     ' + fileName;
                  previewImg.source = "http://localhost:8500/LR_AUTO/imported/previews/" + fileName;
                  previewImg.visible = true;
                  imgProgressBar.visible=true;
              private function openImage():void{
                  NewsAgencyPhotoshop.open(this.filePath);
                  var openImageEvent:Event = new Event("openImageEvent");
                  dispatchEvent(openImageEvent);
                  closePopup();
  <mx:Button id="btnOpen" label="OPEN" visible="false"  click="openImage()"/>
  ====================================================
  NewsAgencyPhotoshop.as
  ====================================================
          public static function open(filePath:String):void
              var app:Application = Photoshop.app;
              var file:File = new File(filePath);
              app.open(file);
  ====================================================
  Extension Builder console output
  ====================================================
  [SWF] StageManager-2.0.swf - 1,188,270 bytes after decompression
  2/15/2011 10:37:57.747 [INFO] com.adobe.csxs.stagemanager.StageManager creationComplete()
  2/15/2011 10:37:57.765 [INFO] com.adobe.csxs.stagemanager.external.ExternalEventReceiver ExternalInterface callback registered.
  2/15/2011 10:37:57.767 [INFO] com.adobe.csxs.stagemanager.external.CSXSEventReceiver ExternalInterface callback registered.
  2/15/2011 10:37:57.770 [INFO] com.adobe.csxs.command.GetPendingStageManagerIdCommand calling GetPendingStageManagerId through ExternalInterface
  2/15/2011 10:37:57.784 [INFO] com.adobe.csxs.command.GetPendingStageManagerIdCommand execute() PlugPlug returned StageManager ID.
  2/15/2011 10:37:57.828 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension CH
  2/15/2011 10:37:57.829 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension com.example.helloworld.extension1
  2/15/2011 10:37:57.830 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension BASICAMFCONNECTOR
  2/15/2011 10:37:57.830 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension CSREVIEW
  2/15/2011 10:37:57.831 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension HELLOPHO
  2/15/2011 10:37:57.831 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension KLR
  2/15/2011 10:37:57.831 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension com.stevenerat.news.extension1
  2/15/2011 10:37:57.832 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension CREATENEWCSREVIEW
  2/15/2011 10:37:57.832 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension NETAVERAGES
  2/15/2011 10:37:57.833 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension com.adobe.rc.mymessages
  2/15/2011 10:37:57.834 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension CHWE
  2/15/2011 10:37:57.834 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension com.adobe.rc.operationalmessages
  2/15/2011 10:37:57.834 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension STORY
  2/15/2011 10:37:57.835 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension FRIO
  2/15/2011 10:37:57.835 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension MINIBR
  2/15/2011 10:37:57.836 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension BLCSLIVE
  2/15/2011 10:37:57.837 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension CHSIGNIN
  2/15/2011 10:37:57.837 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension swfpanel-onOne-0
  2/15/2011 10:37:57.838 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLoader ExtensionLoader() registering ExternalInterface callback loadExtension
  2/15/2011 10:37:57.839 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLoader ExtensionLoader() registering ExternalInterface callback unloadExtension
  2/15/2011 10:37:57.840 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLoader checkLoadingQueue()
  2/15/2011 10:37:57.842 [INFO] com.adobe.csxs.command.GetLoadingQueueCommand calling GetLoadingQueue through ExternalInterface
  2/15/2011 10:37:57.846 [INFO] com.adobe.csxs.command.GetLoadingQueueCommand execute() PlugPlug returned extensions to be loaded.
  2/15/2011 10:37:57.847 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLoader loadExtension() com.stevenerat.news.extension1
  2/15/2011 10:37:57.851 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager Extension com.stevenerat.news.extension1 is not a plugin extension -> validating.
  2/15/2011 10:37:57.857 [INFO] com.adobe.csxs.stagemanager.security.impl.ExtensionValidator In debug mode the extension signature is not validated.
  2/15/2011 10:37:57.861 [INFO] com.adobe.csxs.command.SetExtensionSignedCommand calling SetIsSigned through ExternalInterface
  2/15/2011 10:37:58.071 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager doLoadExtension() Extension com.stevenerat.news.extension1 loaded.
  2/15/2011 10:37:58.185 [INFO] com.adobe.csxs.stagemanager.window.ExtensionWindow onCreationComplete()
  [SWF] Users/stevenerat/Library/Application Support/Adobe/CS5ServiceManager/extensions/com.stevenerat.news/NewsAgencyPhotos.swf - 1,958,036 bytes after decompression
  2/15/2011 10:37:58.398 [INFO] com.adobe.csxs.stagemanager.window.ExtensionWindow Loading of extension com.stevenerat.news.extension1 complete.
  2/15/2011 10:37:58.400 [INFO] com.adobe.csxs.stagemanager.window.impl.SWFEventDispatcher Loading of extension com.stevenerat.news.extension1 complete.
  2/15/2011 10:37:58.503 [INFO] com.adobe.csxs.stagemanager.external.CSXSEventReceiver receiveExternalEvent() dispatching CSXSEvent to all extensions...
  2/15/2011 10:37:58.504 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager Dispatching event of type com.adobe.csxs.internally.events.BroadcastEvent to all extensions.
  2/15/2011 10:37:59.426 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLifeCycleNotifier onExtensionComplete()
  2/15/2011 10:37:59.428 [INFO] com.adobe.csxs.command.SetExtensionLoadedCommand calling SetIsLoaded through ExternalInterface
  2/15/2011 10:37:59.430 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLifeCycleNotifier dispatchInvokeEvent()
  2/15/2011 10:37:59.433 [INFO] com.adobe.csxs.command.CheckStartOnEventCommand calling CheckStartOnEvent through ExternalInterface for com.stevenerat.news.extension1
  2/15/2011 10:37:59.437 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowStateManager onExtensionComplete()
  2/15/2011 10:37:59.445 [INFO] com.adobe.csxs.stagemanager.window.impl.SWFEventDispatcher dispatchEventToExtension() Dispatching event of type com.adobe.csxs.events::StateChangeEvent to extension com.stevenerat.news.extension1
  2/15/2011 10:37:59.451 [INFO] com.adobe.csxs.stagemanager.external.CSXSEventReceiver receiveExternalEvent() dispatching CSXSEvent to all extensions...
  2/15/2011 10:37:59.451 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager Dispatching event of type com.adobe.csxs.internally.events.BroadcastEvent to all extensions.
  2/15/2011 10:37:59.488 [INFO] com.adobe.csxs.stagemanager.external.CSXSEventReceiver receiveExternalEvent() dispatching CSXSEvent to all extensions...
  2/15/2011 10:37:59.488 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager Dispatching event of type com.adobe.csxs.internally.events.BroadcastEvent to all extensions.
  2/15/2011 10:38:03.763 [INFO] com.adobe.csxs.stagemanager.window.impl.SWFEventDispatcher dispatchEventToExtension() Dispatching event of type com.adobe.csxs.events::StateChangeEvent to extension com.stevenerat.news.extension1
  2/15/2011 10:38:16.926 [INFO] com.adobe.csxs.stagemanager.window.impl.SWFEventDispatcher dispatchEventToExtension() Dispatching event of type com.adobe.csxs.events::StateChangeEvent to extension com.stevenerat.news.extension1
  2/15/2011 10:38:17.236 [INFO] com.adobe.csxs.stagemanager.external.CSXSEventReceiver receiveExternalEvent() dispatching CSXSEvent to all extensions...
  2/15/2011 10:38:17.237 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager Dispatching event of type com.adobe.csxs.internally.events.BroadcastEvent to all extensions.
  *** Security Sandbox Violation ***
  SecurityDomain 'http://localhost:8500/LR_AUTO/imported/ERAT_STEVEN_20110122_060.jpg' tried to access incompatible context 'app:/StageManager-2.0.swf'

  I solved this issue by creating a symbolic link on the file system so that my CS SDK project src folder now sees the directory in the file system webroot that it was previously accessing images over HTTP.  The extension only sees resources over the local filesystem, not the network.
  A bit of a kludge, but it would be great to have the CS SDK APE player provide a way to access the network and the file system.  At the moment, I'm not aware of one.
  And I'll just add that although I have a workaround, it still seems like a defect that PS would crash on a sandbox exception.
  Thanks for reading!

• Error #2048: Security sandbox violation

  I've been developing Flex apps for a couple of years now and feel comfortable with my development environment.
  I'm testing out Gumbo in my same environment (new workspace): WAMP based
  My test app works fine on my localhost set up... but when I upload the files to my hosted domain server... I get Error #2048: Security sandbox violation.
  Specifically:
  - I'm invoking an HTTPService by setting the url to a relative path (folder/file in same dir as the swf)
  - I set method to POST and useProxy to false
  (<fx:Declarations>
          <s:HTTPService id="contentService" url="data/verd_content.xml" method="POST" useProxy="false" resultFormat="e4x" />
      </fx:Declarations>)
  - I wrapped the send call in a try / catch block and show an Alert with the error message in the catch... here's what it says
  body = (null)
    clientId = "DirectHTTPChannel0"
    correlationId = "F4B9A542-8B00-5CDB-3C36-1316919FC255"
    destination = ""
    extendedData = (null)
    faultCode = "Channel.Security.Error"
    faultDetail = "Destination: DefaultHTTP"
    faultString = "Security error accessing url"
    headers = (Object)#1
      DSStatusCode = 0
    messageId = "E629F555-EF8B-E535-7CE4-13169662A82A"
    rootCause = (flash.events::SecurityErrorEvent)#2
      bubbles = false
      cancelable = false
      currentTarget = (flash.net::URLLoader)#3
        bytesLoaded = 0
        bytesTotal = 0
        data = (null)
        dataFormat = "text"
      eventPhase = 2
      target = (flash.net::URLLoader)#3
      text = "Error #2048: Security sandbox violation: http://****.com/Main.swf cannot load data from http://localhost:***/data/verd_content.xml?hostport=***t.com&https=N&id=F4B9A542-8B00-5CDB -3C36-1316919FC255."
      type = "securityError"
    timestamp = 0
    timeToLive = 0
  *NOTE: I obfuscated parts of the url for security reasons
  I read the other similar posts here about problems like this when using the PHP / Zend set up... but I checked the .actionScriptProperties file and it does not have any URLs in there (like localhost:port#)
  I'm not using a service-config.xml file in this project... but I have set up WebORB for PHP servers and use that all the time... so I know how that works...
  Is this a bug or am I missing something new in the Gumbo ?
  Again: my swf file is in a folder in the webroot on my ISP
  also inside that folder is another folder with an XML file in it
  I'm setting an HTTPService call using the url parameter on a POST with a relative file path (folder/filename.xml)
  changing the url to an absolute makes no difference...
  thanks in advance for any help

  Sure...
  here's the code that contains both the HTTPService setup and the URLLoader setup... like i said in the original post.. the HTTPService call throws the error described, whereas the URLLoader call does not:
  private var loader : URLLoader = new URLLoader();
  private var req : URLRequest = new URLRequest("data/***dant_content.xml");//path obfuscated
  protected function Application_creationComplete():void
      // This works...
      loader.addEventListener( Event.COMPLETE, parseContent );
      loader.addEventListener( IOErrorEvent.IO_ERROR, contentFault );
      // This does not...
      /* contentService.addEventListener( ResultEvent.RESULT, parseContent );
          contentService.addEventListener(FaultEvent.FAULT, contentFault ); */
      try
          loader.load( req );
      catch (err:Error)
          Alert.show("In Try Catch Error Block: " + err.message);
          currentState='home';
  the HTTPService was set up like this: (again, i obfuscate the URLs for security)
      <fx:Declarations>
          <s:HTTPService id="contentService" url="data/***dant_content.xml" method="POST" useProxy="false" resultFormat="e4x" />
      </fx:Declarations>
  the parseContent function setup in the event listener justs reads the XML file and uses that data to build an image gallery.
  hope this helps (for what its worth: I'm not doing anything serious with Gumbo as of yet due to these kinds of bugs)

• *** Security Sandbox Violation *** problem

  Dear All,
  I having the Security problem
  My Scinarion
  I have an Exe (With SWISH Studio) / Swf file which is on Local Machine calles a swf file which on Server and that Swf file call a XML file which is on a Same Server
  While Compiling the SWF file gives the following error message of
  *** Security Sandbox Violation ***
  SecurityDomain 'http://www.mydomain.com/folder/swfname.swf?mathrand=Wed Apr 8 19:39:27 GMT+0530 2009' tried to access incompatible context 'file:///D|/folder/swfname.swf'
  I have already tried for
  System.security.allowDomain("*");   and   crossdomain.xml
  But it dosen't worked for me
  I will appriciate if any one can give me a ray of hope to solve this problem
  Please give me some solution
  Regards
  Raj

  Dear Kglad,
  Thanks for your instant reply as I have already mention I have tried with crossdomain.xml
  If you want to check the crossdomain and the fla files then I will mail u the details please provide me the email address
  Once again thanks
  Regards
  Raj

• Youtube: security sandbox violation

  Does anybody have a recipe for loading the AS3 chromeless player into a Flex application such that you don't get the 'incompatible context' errors constantly?
  *** Security Sandbox Violation ***
  SecurityDomain 'http://core-dev.thismoment.com/client/Demo.html' tried to access incompatible context 'http://www.youtube.com/apiplayer?version=3'
  I've been experimenting all day with  Security.allowDomain, Security.allowInsecureDomain, and  LoaderContext, but I haven't found the magic combination yet. The  main thing I want to do is be able to track the mouse wherever it goes on the screen.  Right now, if I mouse over the YouTube player, mouse events stop getting sent to the application, and I get that sandbox violation error in the debug log.  It works fine if I run the swf from a file: URL - it just doesn't work when it's coming over http, so obviously there is some sort of Flash security model thing kicking in.

  Doors only get opened from the inside otherwise all the bad guys would come
  in.
  Only the loaded SWF can allow access from the loading SWF.

• Error 2142 - security sandbox violation

  Hi,
  I have a problem when I try to compile my player, I get the following error:
  SecurityError: Error #2142: Security sandbox violation: local SWF files cannot use the LoaderContext.securityDomain property. file:///C|/development/Flash/Pathe%20ads/New%20cmpt%20sample%20code/AS3ComponentDemoCode% 5Fv2.1/DemoPlayer3Component.swf was attempting to load http://objects.tremormedia.com/embed/swf/acudeo.swf?rand=949275459.
  What's odd is that:
  1. I have used Security.allowDomain("http://objects.tremormedia.com/"); in the source code
  2. This was working fine the day before last!
  I have tried adding a crossdomain.xml file in the folder where I build the player, still no joy.
  Can anyone help me with this? I tried throughout yesterday to fix it to no avail. I've even tried installing and building the player on a different machine to double check there wasn't something wrong on my PC.
  Any help would be great - I'm tearing my hair out!

  Hi,
  If you're still having issues, feel free to reach out to us directly. [email protected] or me personally at [email protected]
  Thanks,
  Andrew Baisley
  Sr Solutions Engineer
  Tremor Media

• BitmapData.draw() SecurityError: Security sandbox violation

  i am loading and playing a local video file with appendBytes() and when i call a bitmapData.draw() function
  below exception comes up.
  SecurityError: Error #2123: Security sandbox violation: BitmapData.draw
  cannot access null. No policy files granted access.
  what should i do???....

  Sir i already mention in my last message i test it with both relative and absolute.
  Yes i khow relative paths works fine when i do some thing like this
  <mx:VideoDisplay x="0" y="0" width="516" height="379" source="../user_data/uploads/cd73502828457d15655bbd7a63fb0bc8/v/1345023450-Action_.flv"/>
  bitmap.draw works fine in above case but my scenario is different i am loading a complete video as bytearray before playing and play video from that bytes
  private function fileLoaderComplete(event:Event):void
       //Pass the loaded bytes to player
         player.AddVideo(urlLoader.data);
  //This is Add video Function in Player.mxml
  public function AddVideo(VideobyteArray:ByteArray):void
                  if(ns == null)
                      var nc:NetConnection = new NetConnection();
                      nc.connect(null);
                      ns = new NetStream(nc);
                     // ns.checkPolicyFile = true;
                      ns.soundTransform = new SoundTransform(0.0);
                      ns.client = this;
                      ns.addEventListener(NetStatusEvent.NET_STATUS, nsStatus);
                  videoData = VideobyteArray;
                  GetTags(videoData);
                  ns.play(null);
                  ns.appendBytesAction(NetStreamAppendBytesAction.RESET_BEGIN);
                  ns.appendBytes(VideobyteArray);
                  video.attachNetStream(ns);
                  playBar.TogglePlay(true);
  i think its a bug in flash sdk 4.6 (Flash Player 11)
  bitmap.draw function somehow conflicts with the appendBytesAction or appendBytes
  this question is posted  on ActionScript 3.0 forum before
  http://forums.adobe.com/message/4650890#4650890
  http://flash.bigresource.com/flash-use-BitmapData-draw-with-NetStream-appendBytes--iTNz6LV JM.html
  http://stackoverflow.com/questions/5607047/how-can-i-use-bitmapdata-draw-with-netstream-ap pendbytes

• SecurityError: Error #2123: Security sandbox violation: BitmapData.draw: cannot access

  When we try to print the Google Map API for Flash component, it is throwing the Security Sandbox Violation
        SecurityError: Error #2123: Security sandbox violation: BitmapData.draw: http://ps6143:8080/aa/XYZ/Main.swf/[[DYNAMIC]]/1 cannot access  http://mt1.google.com/vt/lyrs=m@171000000&hl=en&src=api&x=1&y=1&z=1&s=Gali&flc=x3t. No policy files granted access.
  at flash.display::BitmapData/draw()
  To avoid this error we tried to use the alternate API provided by library. But that also causing cross domain issue as it loading some 3d library internally which is not able to access our application.
  SecurityError: Error #2121: Security sandbox violation: BitmapData.draw: http://maps.googleapis.com/mapfiles/lib/map_1_20_10_3d.swf cannot access http://ps6143.persistent.co.in:8080/dv/SiteOptimizer/SiteOptimizer.swf/%5b%5bDYNAMIC%5d%5d /1http://ps6143:8080/aa/XYZ/Main.swf/[[DYNAMIC]]/1. This may be worked around by calling Security.allowDomain.
  at flash.display::BitmapData/draw()
  Please help us in resolving this issue.
  Thanks & Regrds,
  Ravi Darji

  There is no redirect... Charles is a web proxy so it will look completely legitimate to the browser.
  According to the help, it's getting the access request from the SWF itself and not the crossdomain.xml file:
  In the case of a source object other than a loaded bitmap, the source object and (in the case of a Sprite or MovieClip object) all of its child objects must come from the same domain as the object calling the draw() method, or they must be in a SWF file that is accessible to the caller by having called the Security.allowDomain()method.
  http://help.adobe.com/en_US/ActionScript/3.0_ProgrammingAS3/WS5b3ccc516d4fbf351e63e3d118a9 b90204-7d1b.html#WS5b3ccc516d4fbf351e63e3d118a9b90204-7c4a
  So the default state accessing a SWF on a different domain is protected, unless that SWF allows some or all domains to access it via the Security.allowDomain() method.

• Security sandbox violation: BitmapData.draw on CloudFront/S3.

  I'm using Cloudfront/AS3 to stream some video in RTMP.
  When I try to do a Bitmap.draw, I get this error:
  [Fault] exception, information=SecurityError: Error #2123: Security sandbox violation: BitmapData.draw: [my_url] cannot access unknown URL. No policy files granted access.
  Since there is no Application.xml, I can't change the <VideoSampleAccess />.
  My crossdomain.xml is available.
  <cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/> 
  <allow-access-from domain="*"/>
  <allow-http-request-headers-from domain="*" headers="SOAPAction"/>
           </cross-domain-policy>
  My bucket policy is:
    "Version": "2008-10-17",
    "Statement": [
        "Sid": "AddPerm",
        "Effect": "Allow",
        "Principal": {
          "AWS": "*"
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::[my url]/*",
        "Condition": {}
  And this is my CORS configuration:
  <CORSConfiguration>
      <CORSRule>
          <AllowedOrigin>*</AllowedOrigin>
          <AllowedMethod>GET</AllowedMethod>
          <MaxAgeSeconds>3000</MaxAgeSeconds>
          <AllowedHeader>Authorization</AllowedHeader>
      </CORSRule>
  </CORSConfiguration>
  Not sure what I must change to give myself access.
  Thanks
  Martin

  If you don't have access to the server - you will not be able to accomplish BitmapData.draw() on the video or any of its parents. The policy error refers to streaming server side policy. If you look into RTMP traffic - you will see at what point security request goes.
  I don't know what range of services Amazon cloud offers but I could imagine that, since they do offer pretty granular access to application instances, at some level it is possible to gain access to the server or engage their support to help you. I may be wrong though.