Flex 4 + AIR 2 + mx:Image = Security Sandbox Violation!

Hi there!
I've been using Flex 4 and AIR 2 for some time now and there's a bug (or is it really one) that I always get and can't understand...
Whenever I use a <mx:Image> to load an image (JPG) on a remote server that has a valid crossdomain.xml I get some annoying warnings. Of course, these only are warnings and everything runs fine (except that) but it's a pain to debug an app that has lots of logs like that:
*** Security Sandbox Violation ***
SecurityDomain 'http://static-p3.fotolia.com/jpg/00/07/56/92/110_F_7569245_9hdeWKxUxFRNYuowdSDBNv0YFN9xTJ9 S.jpg' tried to access incompatible context 'app:/Main.swf'
I've googled it and found lots of others folks/threads about this, but none of them provide a valid solution... Seems like it's specific to AIR because some answers/solutions I found work in a basic SWF, but fail in an AIR app.
Is that a bug in Flex?
Am I wrong about the crossdomain.xml?
How could a JPG raise a Security Sandbox Violation?
Tips or tricks, anyone?

AIR has different security rules because it doesn't really have a "domain"
to compare against crossdomain.xml.  The warnings are annoying and
misleading and usually indicate that some code is trying to access the
bitmap inside a try/catch block.  Usually you can ignore any warning that
doesn't stop execution.

Similar Messages

  • Air app, Rest service, Security sandbox violation

    Hi All,
      I wrote an app a couple of years ago using flex 3 that connects to a number of remote web services and does various things.
    This worked fine.
    Now I have been asked by the customer to update the app as it stopped working at some point.
    I am trying to use the resthttpservice library to do a PUT operation, but I am getting the following error when I try and create a socket to the remote server:
    Error #2048: Security sandbox violation: app:/main.swf cannot load data from http://my.host:8182
    Now, it's been a while since I've done anything with flex so I am rusty. But this error is usually fixed by having a crossdomains.xml file on the remote server. But it was my understanding that this was only required when one's app was running from within the browser and that desktop applications are not effected.
    Can anyone clarify this for me? It seems that there were changes made to the flash player in version 10 that might have changed this.
    I am very puzzled at this point!
    thanks for any help!

    These articles discuss security changes between FP 9 and 10:
    http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
    http://www.adobe.com/devnet/flashplayer/articles/fplayer9-10_security.html
    What is impacted?
    This change can potentially affect any SWF file accessing cross-domain content. This change affects SWF files of all versions played in Flash Player 10 and later. This change affects all non-app content in Adobe AIR (however, AIR app content itself is unaffected).
    What do I need to do?
    Read the article: http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html

  • How to resolve security sandbox violation (Error#2148) in Flex 3 on XP?

    Hi,
    When I tried to access an image on c:\ (on XP), I get the following error:
    *** Security Sandbox Violation ***
    Connection to file:///C:\DBFiles\3.jpg halted - not permitted from http://localhost/test-debug/test.swf
    -- Remote SWFs may not access local files.SecurityError: Error #2148: SWF file http://localhost/ullmanphp-debug/ullmanphp.swf cannot access local resource file:///C:\DBFiles\INDSprintOrgChart.pptx\3.jpg. Only local-with-filesystem and trusted local SWF files may access local resources.
    at flash.display::Loader/_load()
    at flash.display::Loader/load()
    It looks like some sort of mismatch on security settings. I have done the following so far (based on what I got by googling....)
    1. Flex comipler setting additional compiler arguments:  -use-network=false
    2. I have added a crossdomain.xml on the source directory with these lines...
    <site-control permitted-cross-domain-policies="master-only"/>
    <allow-access-from domain="*"/>
    <allow-http-request-headers-from domain="*" headers="SOAPAction"/>
    However, error is still appearing. How do I fix this for testing on my local machine. I cannot move to a webserver at this time.
    Thanks!.

    How do I set Security.sandboxType related to flash player? When I try to see it in my application through debugger it says "remote". I think I need to set it to one of the following from the adobe manual pages...
    Security.sandboxType has one of the following values:
    remote (Security.REMOTE)—This file is from an Internet URL and operates under domain-based sandbox rules.
    localWithFile (Security.LOCAL_WITH_FILE)—This file is a local file, has not been trusted by the user, and it is not a SWF file that was published with a networking designation. The file may read from local data sources but may not communicate with the Internet.
    localWithNetwork (Security.LOCAL_WITH_NETWORK)—This SWF file is a local file, has not been trusted by the user, and was published with a networking designation. The SWF file can communicate with the Internet but cannot read from local data sources.
    localTrusted (Security.LOCAL_TRUSTED)—This file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data sources and communicate with the Internet.
    application (Security.APPLICATION)—This file is running in an AIR application, and it was installed with the package (AIR file) for that application. By default, files in the AIR application sandbox can cross-script any file from any domain (although files outside the AIR application sandbox may not be permitted to cross-script the AIR file). By default, files in the AIR application sandbox can load content and data from any domain.
    Any input on how to set it would be greatly appreciated. Thanks!

  • Flex == Socklet Policy  == Security sandbox violation ?!?!?!?!

    Please help me with this problem. I'v had this problem for
    over a month
    I'm trying to connect to my C# server through my Flex client.
    Flex client in running on IIS (c:/inetpub/wwwroot)
    the policy file in on the root folder of IIS
    <?xml
    version="1.0"?>
    <cross-domain-policy>
    <allow-access-from domain="*" to-ports="*" secure="false"
    />
    </cross-domain-policy>
    1: I tried to use the loadPolicy method before i connect
    through sockets
    Security.loadPolicyFile("h ttp://localhost/crossdomain.xml");
    (space does not exist in real code)
    2: flex sends this message to server side while connecting
    ("<policy-file-request/>") so as soon as i get this message
    on server side i read the policy text from crossdomain.xml and i
    send ti back to the client.
    eventhough i get a security error the client is still able to
    connect to the server and send messages but it cannot receive any
    message
    I get the following security error:
    [SecurityErrorEvent
    type="securityError" bubbles=false cancelable=false eventPhase=2
    text="Error #2048: Security sandbox violation:
    file:///C:/Inetpub/wwwroot/ClientFlex/bin-debug/Client.swf cannot
    load data from 10.0.0.3:8000."]Error #2048: Security sandbox
    violation:
    file:///C:/Inetpub/wwwroot/ClientFlex/bin-debug/Client.swf cannot
    load data from 10.0.0.3:8000.
    y am i still getting this error???????????
    some people suggested to read the log files: but i followed
    all adobe tutorials to turn os loggin, but couldn't get it to work.
    mm.cfg does not exist, log folder for flash player does not exist,
    log.txt for flash player does not exists.

    Hi,
    In the move from Flash Player 9 to 10, Adobe increased the security constraints on sockets. If you are using sockets to connect to an "un-trusted" server, then you will still need a Cross-Domain Policy file, however that policy file must also be served up through sockets (not through HTTP).
    You will need to run a socket server on the server you are connecting to in order to serve up the appropriate XML document through port 843 (by default). This socket server can be implemented in any number of ways, but I use a Java socket server that Thomas over at LessRain has posted on their blog. You can find it here: http://www.blog.lessrain.com/as3-java-socket-connections-to-ports-below-1024/
    Good luck,
    Taylor
    4Point Solutions Ltd.
    http://blogs.4point.com/taylor.bastien/

  • Error #2048: Security sandbox violation

    I've been developing Flex apps for a couple of years now and feel comfortable with my development environment.
    I'm testing out Gumbo in my same environment (new workspace): WAMP based
    My test app works fine on my localhost set up... but when I upload the files to my hosted domain server... I get Error #2048: Security sandbox violation.
    Specifically:
    - I'm invoking an HTTPService by setting the url to a relative path (folder/file in same dir as the swf)
    - I set method to POST and useProxy to false
    (<fx:Declarations>
            <s:HTTPService id="contentService" url="data/verd_content.xml" method="POST" useProxy="false" resultFormat="e4x" />
        </fx:Declarations>)
    - I wrapped the send call in a try / catch block and show an Alert with the error message in the catch... here's what it says
    body = (null)
      clientId = "DirectHTTPChannel0"
      correlationId = "F4B9A542-8B00-5CDB-3C36-1316919FC255"
      destination = ""
      extendedData = (null)
      faultCode = "Channel.Security.Error"
      faultDetail = "Destination: DefaultHTTP"
      faultString = "Security error accessing url"
      headers = (Object)#1
        DSStatusCode = 0
      messageId = "E629F555-EF8B-E535-7CE4-13169662A82A"
      rootCause = (flash.events::SecurityErrorEvent)#2
        bubbles = false
        cancelable = false
        currentTarget = (flash.net::URLLoader)#3
          bytesLoaded = 0
          bytesTotal = 0
          data = (null)
          dataFormat = "text"
        eventPhase = 2
        target = (flash.net::URLLoader)#3
        text = "Error #2048: Security sandbox violation: http://****.com/Main.swf cannot load data from http://localhost:***/data/verd_content.xml?hostport=***t.com&https=N&id=F4B9A542-8B00-5CDB -3C36-1316919FC255."
        type = "securityError"
      timestamp = 0
      timeToLive = 0
    *NOTE: I obfuscated parts of the url for security reasons
    I read the other similar posts here about problems like this when using the PHP / Zend set up... but I checked the .actionScriptProperties file and it does not have any URLs in there (like localhost:port#)
    I'm not using a service-config.xml file in this project... but I have set up WebORB for PHP servers and use that all the time... so I know how that works...
    Is this a bug or am I missing something new in the Gumbo ?
    Again: my swf file is in a folder in the webroot on my ISP
    also inside that folder is another folder with an XML file in it
    I'm setting an HTTPService call using the url parameter on a POST with a relative file path (folder/filename.xml)
    changing the url to an absolute makes no difference...
    thanks in advance for any help

    Sure...
    here's the code that contains both the HTTPService setup and the URLLoader setup... like i said in the original post.. the HTTPService call throws the error described, whereas the URLLoader call does not:
    private var loader : URLLoader = new URLLoader();
    private var req : URLRequest = new URLRequest("data/***dant_content.xml");//path obfuscated
    protected function Application_creationComplete():void
        // This works...
        loader.addEventListener( Event.COMPLETE, parseContent );
        loader.addEventListener( IOErrorEvent.IO_ERROR, contentFault );
        // This does not...
        /* contentService.addEventListener( ResultEvent.RESULT, parseContent );
            contentService.addEventListener(FaultEvent.FAULT, contentFault ); */
        try
            loader.load( req );
        catch (err:Error)
            Alert.show("In Try Catch Error Block: " + err.message);
            currentState='home';
    the HTTPService was set up like this: (again, i obfuscate the URLs for security)
        <fx:Declarations>
            <s:HTTPService id="contentService" url="data/***dant_content.xml" method="POST" useProxy="false" resultFormat="e4x" />
        </fx:Declarations>
    the parseContent function setup in the event listener justs reads the XML file and uses that data to build an image gallery.
    hope this helps (for what its worth: I'm not doing anything serious with Gumbo as of yet due to these kinds of bugs)

  • Security Sandbox Violation Crashes Photoshop

    ====================================================
    Problem:
    ====================================================
    I have a Photoshop extension whose main app launches a popup window, and that popup window displays an image via a HTTP source and it has a custom event.  When a button click dispatches that custom event, and that event listener opens a local file on the system, Photoshop crashes after a Security Sandbox Violation.
    I am building a demo that incorporates LiveCycle DataServices and ColdFusion to synchronize data between a web application and the extension.  Part of the application includes previewing images from the extension over HTTP.  However, to open the image in PS after viewing the preview, I use the Photoshop DOM method open(filePath) which accesses the local file system.
    The problem seems to be that network access and local file access are mutually exclusive in Flash/Flex.  If I use the -use-network=false compiler option, then the image will open properly via the DOM, but then I would not be able to preview the images over HTTP.
    Questions:
    1) Is there a way in the CS SDK to enable *both* local file system access *and* network access?
    2) If not, then can you suggest a workaround?
    3) Would you agree that this would be a defect in Photoshop and that PS should not crash upon a Flash Player security exception?
    Thank you,
    Steven Erat
    ====================================================
    Environment
    ====================================================
    Photoshop CS5 Extended 12.01 x32
    Flash Builder 4
    CS SDK 1.02
    Extension Builder SDK 3.4
    MacBook Pro / OS X 10.5 / Intel Core 2 Duo 2.66 GHz / Procs: 1 / Cores: 2 / Memory: 8 GB
    App configured for Photoshop CS5 and Photoshop CS5 Extended
    ====================================================
    NewsAgencyPhotos.mxml (the main app)
    ====================================================
    <?xml version="1.0" encoding="utf-8"?>
    <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" xmlns="com.stevenerat.news.*"
                    horizontalScrollPolicy="off" verticalScrollPolicy="off" verticalGap="0"
                    layout="vertical" horizontalAlign="left"  backgroundColor="#353535"
                    historyManagementEnabled="false"
                    creationComplete="getPhotos();">
        <mx:Script>
            <![CDATA[
                  ...            public var selectedPhoto:String;
                public function handlePhotoClick(data:Object):void {
                    var PreviewImageWindow:PreviewImage = PreviewImage(PopUpManager.createPopUp(this,PreviewImage,true));
                    var filePath:String = data.dirPath + data.fileName;
                    PreviewImageWindow.addEventListener("openImageEvent",handleImageOpenEvent);
                    PreviewImageWindow.setFileName(data.fileName);
                    PreviewImageWindow.setFilePath(filePath);
                    PreviewImageWindow.y = 0;
                    PreviewImageWindow.x = 0;
                private function handleImageOpenEvent(event:Event):void{
                    dump(event);
                public function dump(obj:Object):void{
                    trace(mx.utils.ObjectUtil.toString(obj));
    ====================================================
    PreviewImage.mxml (the popup)
    ====================================================
    <?xml version="1.0" encoding="utf-8"?>    
    <mx:TitleWindow xmlns:mx="http://www.adobe.com/2006/mxml"  title="Preview Image"
        creationComplete="init();">
        <mx:Metadata>
            [ Event( name="openImageEvent", type="flash.events.Event") ]
        </mx:Metadata>
        <mx:Script>
            <![CDATA[ 
                public function init():void{
                    this.title = 'Previewing:     ' + fileName;
                    previewImg.source = "http://localhost:8500/LR_AUTO/imported/previews/" + fileName;
                    previewImg.visible = true;
                    imgProgressBar.visible=true;
                private function openImage():void{
                    NewsAgencyPhotoshop.open(this.filePath);
                    var openImageEvent:Event = new Event("openImageEvent");
                    dispatchEvent(openImageEvent);
                    closePopup();
    <mx:Button id="btnOpen" label="OPEN" visible="false"  click="openImage()"/>
    ====================================================
    NewsAgencyPhotoshop.as
    ====================================================
            public static function open(filePath:String):void
                var app:Application = Photoshop.app;
                var file:File = new File(filePath);
                app.open(file);
    ====================================================
    Extension Builder console output
    ====================================================
    [SWF] StageManager-2.0.swf - 1,188,270 bytes after decompression
    2/15/2011 10:37:57.747 [INFO] com.adobe.csxs.stagemanager.StageManager creationComplete()
    2/15/2011 10:37:57.765 [INFO] com.adobe.csxs.stagemanager.external.ExternalEventReceiver ExternalInterface callback registered.
    2/15/2011 10:37:57.767 [INFO] com.adobe.csxs.stagemanager.external.CSXSEventReceiver ExternalInterface callback registered.
    2/15/2011 10:37:57.770 [INFO] com.adobe.csxs.command.GetPendingStageManagerIdCommand calling GetPendingStageManagerId through ExternalInterface
    2/15/2011 10:37:57.784 [INFO] com.adobe.csxs.command.GetPendingStageManagerIdCommand execute() PlugPlug returned StageManager ID.
    2/15/2011 10:37:57.828 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension CH
    2/15/2011 10:37:57.829 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension com.example.helloworld.extension1
    2/15/2011 10:37:57.830 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension BASICAMFCONNECTOR
    2/15/2011 10:37:57.830 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension CSREVIEW
    2/15/2011 10:37:57.831 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension HELLOPHO
    2/15/2011 10:37:57.831 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension KLR
    2/15/2011 10:37:57.831 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension com.stevenerat.news.extension1
    2/15/2011 10:37:57.832 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension CREATENEWCSREVIEW
    2/15/2011 10:37:57.832 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension NETAVERAGES
    2/15/2011 10:37:57.833 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension com.adobe.rc.mymessages
    2/15/2011 10:37:57.834 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension CHWE
    2/15/2011 10:37:57.834 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension com.adobe.rc.operationalmessages
    2/15/2011 10:37:57.834 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension STORY
    2/15/2011 10:37:57.835 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension FRIO
    2/15/2011 10:37:57.835 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension MINIBR
    2/15/2011 10:37:57.836 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension BLCSLIVE
    2/15/2011 10:37:57.837 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension CHSIGNIN
    2/15/2011 10:37:57.837 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension swfpanel-onOne-0
    2/15/2011 10:37:57.838 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLoader ExtensionLoader() registering ExternalInterface callback loadExtension
    2/15/2011 10:37:57.839 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLoader ExtensionLoader() registering ExternalInterface callback unloadExtension
    2/15/2011 10:37:57.840 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLoader checkLoadingQueue()
    2/15/2011 10:37:57.842 [INFO] com.adobe.csxs.command.GetLoadingQueueCommand calling GetLoadingQueue through ExternalInterface
    2/15/2011 10:37:57.846 [INFO] com.adobe.csxs.command.GetLoadingQueueCommand execute() PlugPlug returned extensions to be loaded.
    2/15/2011 10:37:57.847 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLoader loadExtension() com.stevenerat.news.extension1
    2/15/2011 10:37:57.851 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager Extension com.stevenerat.news.extension1 is not a plugin extension -> validating.
    2/15/2011 10:37:57.857 [INFO] com.adobe.csxs.stagemanager.security.impl.ExtensionValidator In debug mode the extension signature is not validated.
    2/15/2011 10:37:57.861 [INFO] com.adobe.csxs.command.SetExtensionSignedCommand calling SetIsSigned through ExternalInterface
    2/15/2011 10:37:58.071 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager doLoadExtension() Extension com.stevenerat.news.extension1 loaded.
    2/15/2011 10:37:58.185 [INFO] com.adobe.csxs.stagemanager.window.ExtensionWindow onCreationComplete()
    [SWF] Users/stevenerat/Library/Application Support/Adobe/CS5ServiceManager/extensions/com.stevenerat.news/NewsAgencyPhotos.swf - 1,958,036 bytes after decompression
    2/15/2011 10:37:58.398 [INFO] com.adobe.csxs.stagemanager.window.ExtensionWindow Loading of extension com.stevenerat.news.extension1 complete.
    2/15/2011 10:37:58.400 [INFO] com.adobe.csxs.stagemanager.window.impl.SWFEventDispatcher Loading of extension com.stevenerat.news.extension1 complete.
    2/15/2011 10:37:58.503 [INFO] com.adobe.csxs.stagemanager.external.CSXSEventReceiver receiveExternalEvent() dispatching CSXSEvent to all extensions...
    2/15/2011 10:37:58.504 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager Dispatching event of type com.adobe.csxs.internally.events.BroadcastEvent to all extensions.
    2/15/2011 10:37:59.426 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLifeCycleNotifier onExtensionComplete()
    2/15/2011 10:37:59.428 [INFO] com.adobe.csxs.command.SetExtensionLoadedCommand calling SetIsLoaded through ExternalInterface
    2/15/2011 10:37:59.430 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLifeCycleNotifier dispatchInvokeEvent()
    2/15/2011 10:37:59.433 [INFO] com.adobe.csxs.command.CheckStartOnEventCommand calling CheckStartOnEvent through ExternalInterface for com.stevenerat.news.extension1
    2/15/2011 10:37:59.437 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowStateManager onExtensionComplete()
    2/15/2011 10:37:59.445 [INFO] com.adobe.csxs.stagemanager.window.impl.SWFEventDispatcher dispatchEventToExtension() Dispatching event of type com.adobe.csxs.events::StateChangeEvent to extension com.stevenerat.news.extension1
    2/15/2011 10:37:59.451 [INFO] com.adobe.csxs.stagemanager.external.CSXSEventReceiver receiveExternalEvent() dispatching CSXSEvent to all extensions...
    2/15/2011 10:37:59.451 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager Dispatching event of type com.adobe.csxs.internally.events.BroadcastEvent to all extensions.
    2/15/2011 10:37:59.488 [INFO] com.adobe.csxs.stagemanager.external.CSXSEventReceiver receiveExternalEvent() dispatching CSXSEvent to all extensions...
    2/15/2011 10:37:59.488 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager Dispatching event of type com.adobe.csxs.internally.events.BroadcastEvent to all extensions.
    2/15/2011 10:38:03.763 [INFO] com.adobe.csxs.stagemanager.window.impl.SWFEventDispatcher dispatchEventToExtension() Dispatching event of type com.adobe.csxs.events::StateChangeEvent to extension com.stevenerat.news.extension1
    2/15/2011 10:38:16.926 [INFO] com.adobe.csxs.stagemanager.window.impl.SWFEventDispatcher dispatchEventToExtension() Dispatching event of type com.adobe.csxs.events::StateChangeEvent to extension com.stevenerat.news.extension1
    2/15/2011 10:38:17.236 [INFO] com.adobe.csxs.stagemanager.external.CSXSEventReceiver receiveExternalEvent() dispatching CSXSEvent to all extensions...
    2/15/2011 10:38:17.237 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager Dispatching event of type com.adobe.csxs.internally.events.BroadcastEvent to all extensions.
    *** Security Sandbox Violation ***
    SecurityDomain 'http://localhost:8500/LR_AUTO/imported/ERAT_STEVEN_20110122_060.jpg' tried to access incompatible context 'app:/StageManager-2.0.swf'

    I solved this issue by creating a symbolic link on the file system so that my CS SDK project src folder now sees the directory in the file system webroot that it was previously accessing images over HTTP.  The extension only sees resources over the local filesystem, not the network.
    A bit of a kludge, but it would be great to have the CS SDK APE player provide a way to access the network and the file system.  At the moment, I'm not aware of one.
    And I'll just add that although I have a workaround, it still seems like a defect that PS would crash on a sandbox exception.
    Thanks for reading!

  • Security Sandbox violation, opening links in Flash player

    Hi,
    I have a swf content and its content served from a content management server say for eg, http://www9.abc.com into the html file which is served from http://qwww9.abc.com The links embedded in the flash were not working, when these links are clicked I get this error when tried with Flash debugger player.
    *** Security Sandbox Violation ***SecurityDomain 'http://qwww9.abc.com/' tried to access incompatible context 'https://www9.abc.com/sample.swf'
    I had set a crossdomain policy file in a custom location in the content management server for this issue, but with the Flash player 9,0,115,0 this stopped working due to default policy change to "master-only". I will not be able to have this policy file in the root folder of the content management server or have the policy set in the HTTP response header.
    Is there anyother solution for this issue, for having the links work without setting the crossdomain policy file?
    Thanks in advance...

    How do I set Security.sandboxType related to flash player? When I try to see it in my application through debugger it says "remote". I think I need to set it to one of the following from the adobe manual pages...
    Security.sandboxType has one of the following values:
    remote (Security.REMOTE)—This file is from an Internet URL and operates under domain-based sandbox rules.
    localWithFile (Security.LOCAL_WITH_FILE)—This file is a local file, has not been trusted by the user, and it is not a SWF file that was published with a networking designation. The file may read from local data sources but may not communicate with the Internet.
    localWithNetwork (Security.LOCAL_WITH_NETWORK)—This SWF file is a local file, has not been trusted by the user, and was published with a networking designation. The SWF file can communicate with the Internet but cannot read from local data sources.
    localTrusted (Security.LOCAL_TRUSTED)—This file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data sources and communicate with the Internet.
    application (Security.APPLICATION)—This file is running in an AIR application, and it was installed with the package (AIR file) for that application. By default, files in the AIR application sandbox can cross-script any file from any domain (although files outside the AIR application sandbox may not be permitted to cross-script the AIR file). By default, files in the AIR application sandbox can load content and data from any domain.
    Any input on how to set it would be greatly appreciated. Thanks!

  • Youtube: security sandbox violation

    Does anybody have a recipe for loading the AS3 chromeless player into a Flex application such that you don't get the 'incompatible context' errors constantly?
    *** Security Sandbox Violation ***
    SecurityDomain 'http://core-dev.thismoment.com/client/Demo.html' tried to access incompatible context 'http://www.youtube.com/apiplayer?version=3'
    I've been experimenting all day with  Security.allowDomain, Security.allowInsecureDomain, and  LoaderContext, but I haven't found the magic combination yet. The  main thing I want to do is be able to track the mouse wherever it goes on the screen.  Right now, if I mouse over the YouTube player, mouse events stop getting sent to the application, and I get that sandbox violation error in the debug log.  It works fine if I run the swf from a file: URL - it just doesn't work when it's coming over http, so obviously there is some sort of Flash security model thing kicking in.

    Doors only get opened from the inside otherwise all the bad guys would come
    in.
    Only the loaded SWF can allow access from the loading SWF.

  • Error #2048: Security sandbox violation: Urgent Checked the forum none of the solutions worked

    Hi all,
        I am new to flex . I am trying to connect to my localhost using the XMLSocket like below
        var xmlsock:XMLSocket = new XMLSocket(); // Line #187
        xmlsock.connect(127.0.0.1, 8080);
        xmlsock.send(xml);
      But after a Minute I get this below error
      Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: app:/main.swf cannot load data from 127.0.0.1:8080.
        at main/handleLogin()[C:\Documents and Settings\Vulcantech\My Documents\Flex Builder 3\src\main.mxml:187]
        at flash.events::EventDispatcher/dispatchEventFunction()
        at flash.events::EventDispatcher/dispatchEvent()
        at mx.rpc.http.mxml::HTTPService/http://www.adobe.com/2006/flex/mx/internal::dispatchRpcEvent()[C:\autobuild\3.2.0\framewor ks\projects\rpc\src\mx\rpc\http\mxml\HTTPService.as:290]
        at mx.rpc::AbstractInvoker/http://www.adobe.com/2006/flex/mx/internal::resultHandler()[C:\autobuild\3.2.0\frameworks\ projects\rpc\src\mx\rpc\AbstractInvoker.as:193]
        at mx.rpc::Responder/result()[C:\autobuild\3.2.0\frameworks\projects\rpc\src\mx\rpc\Responde r.as:43]
        at mx.rpc::AsyncRequest/acknowledge()[C:\autobuild\3.2.0\frameworks\projects\rpc\src\mx\rpc\ AsyncRequest.as:74]
        at DirectHTTPMessageResponder/completeHandler()[C:\autobuild\3.2.0\frameworks\projects\rpc\s rc\mx\messaging\channels\DirectHTTPChannel.as:403]
        at flash.events::EventDispatcher/dispatchEventFunction()
        at flash.events::EventDispatcher/dispatchEvent()
        at flash.net::URLLoader/onComplete()
    Thanks in advance
    Balaji

    Hi Alex,
       Thanks for the Link . I saw the link and have done the same steps as said in that . I have created a crossdomain.xml file in my 127.0.0.1 and i can also see that the policy being accepted in the  "C:\Documents and Settings\username\Application Data\Macromedia\Flash Player\Logs" . I have pasted the lines in policyfiles.txt below.
        OK: Root-level SWF loaded: app:/main.swf
        OK: Policy file accepted: http://127.0.0.1/crossdomain.xml
       But I still get that sandbox violation error. I have tried the below solutions and none of them worked
           1) security.allowDomain("*");
           2) crossdomain xml in the webroot of the accessing server like below
                        <?xml version="1.0"?>
                         <!DOCTYPE cross-domain-policy SYSTEM “http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd”> 
                         <cross-domain-policy>
                            <site-control permitted-cross-domain-
    policies="all" />
                             <allow-access-from domain="*" to-ports="*" />
                       </cross-domain-policy>
           3) I saw that adding the Application path in the  "C:\Documents and Settings\username\Application Data\Flash Player\#Security\FlashPlayerTrust\flexbuilder.cfg" will remove the sandbox violation but this also didnt work        
           4)  "Project - Properties - Flex Compiler - Additional compiler arguments:" add   -use-network=true  and then recompile and post to server
           5) I have also checked the policy file logs
    Thanks in advance
    Balaji

  • That old chestnut: *** Security Sandbox Violation *** clogging the debug trace

    Hi,
    I am attempting to debug a project for Flash Mobile and getting very irritated by *** Security Sandbox Violation *** warnings whenever I move, touch or interact with the application in any way whatsoever. These typically fire two or three _PAGES_ of warnings for a simple drag operation... Because there are so many of these warnings, the debug trace is effectively redundant and useless unless I actively insert a manual break point immediately after the traces I want to view - fine for a comms operation, not so useful when attempting to debug coordinates for a drag operation.
    The cause, obviously, is that I have loaded external content for display in a SWFLoader component...
    Because I am in AIR for mobile, I cannot access Security to allow the domain and crossdomain from the content provider is ignored or not loaded.
    I have found a number of references to this ranging from very recent to several years ago, such as this one which indicates a) the trace is a bug and b) something was being done about it: http://forums.adobe.com/thread/576999
    I cannot find any reference to a fix ever being implemented and the trace issue is driving me nuts.
    Please, please, please can somebody direct me to a workaround to hide this? I've tried all kinds of disabling for mouse events, keyboard events, mouse children etc.
    Thanks,
    Overwhelmed-in-the-traces of Dublin

    Is it bad form to bump?
    G

  • Day 1 Ex. 3 Help! Error: Security Sandbox Violation

    When I run the solution code in Flex Builder, I get a ***
    Security Sandbox Violation *** message when debugging. Although,
    when I changed my default browser to Safari, everything seemed to
    work fine. Also, when I go directly to the bin-debug folder and
    opened the "AdobeODT.html" file, the data from the xml file loads
    properly. I played around with the "crossdomain.xml" solutions I've
    been finding on the net, but couldn't get it to work. Anyone else
    running into this problem? Any help would be greatly appreciated.
    Thanks.
    Running:
    Mac OS X 10.5.6
    Flex Builder 3
    FireFox (current)
    Safari (current)
    Opera (current)

    Hi everybody who is experiencing this same problem. A little
    research online directed me to the following page
    http://www.jetbrains.net/jira/browse/IDEA-21996.
    Which contains a good explanation why this is happening:
    quote:
    A SWF file can access one type of external resource only,
    either local or over a network; it cannot access both types. You
    determine the type of access allowed by the SWF file by using the
    use-network flag when you compile your application. When
    use-network flag is set to false, you can access resources in the
    local filesystem, but not over the network. The default value is
    true, which allows you to access resources over the network, but
    not in the local filesystem.
    So a sollution for this problem is:
    quote:
    you may specify the following string in "Additional compiler
    options" at "Flex Compiler Settings" tab: -use-network=false
    Hope this helps all of you experiencing this problem.

  • *** Security Sandbox Violation *** when calling a You Tube video

    Hi,
    I get an error when I run my SWF, it says
    *** Security Sandbox Violation ***
    SecurityDomain 'http://s.ytimg.com/yt/swfbin/apiplayer3-vflS6GT64.swf' tried to access incompatible context 'file:///C|/Users/mww/web/crafty%20copy/10%2D11.swf'
    My code is
    // start of code
    Security.allowDomain("www.youtube.com");
    var my_playerbject;
    var my_loader:Loader = new Loader();
    my_loader.load(new URLRequest("http://www.youtube.com/apiplayer?version=3"));
    my_loader.contentLoaderInfo.addEventListener(Event .INIT, onLoaderInit);
    function onLoaderInit(e:Event):void{
    movArticles.movArticle2.videoPlayerHolder.videoMov 2.addChild(my_loader);
    my_player = my_loader.content;
    my_player.addEventListener("onReady", onPlayerReady);
    function onPlayerReady(e:Event):void{
    my_player.setSize(640,360);
    my_player.cueVideoById("CtOj8kpLIlI",0);
    // end of code
    Any help would be much apreciated, Thanks

    I tried adding those, as well as these :
    Security.allowDomain("www.youtube.com");
    Security.allowDomain("s.ytimg.com");
    Security.allowDomain("s2.ytimg.com");
    Security.allowDomain("*.youtube.com");
    Security.allowDomain("*.ytimg.com");
    Security.allowDomain("com.google.utils.SafeLoader");
    Security.allowDomain("http://s.ytimg.com");
    Security.allowDomain("http://www.youtube.com/apiplayer?version=3");
    Security.allowDomain("o-o.preferred.lhr14s07.v15.lscache6.c.youtube.com");
    Security.allowDomain("i1.ytimg.com");
    Security.allowDomain("i2.ytimg.com");
    Security.allowDomain("i3.ytimg.com");
    Security.allowDomain("i4.ytimg.com");
    Security.allowDomain("http://www.youtube.com");
    Security.allowDomain("googleads.g.doubleclick.net");
    Security.allowDomain("gdata.youtube.com");
    Security.allowDomain("http://s0.2mdn.net");
    Security.allowDomain("http://pagead2.googlesyndication.com");
    Security.loadPolicyFile("http://www.youtube.com/crossdomain.xml");
    Security.loadPolicyFile("http://s2.youtube.com/crossdomain.xml");
    Security.loadPolicyFile("www.youtube.com");
    Security.loadPolicyFile("http://www.youtube.com");
    Security.loadPolicyFile("s.ytimg.com");
    Security.loadPolicyFile("http://s.ytimg.com");
    Security.loadPolicyFile("s2.ytimg.com");
    Security.loadPolicyFile("i1.ytimg.com");
    Security.loadPolicyFile("i2.ytimg.com");
    Security.loadPolicyFile("i3.ytimg.com");
    Security.loadPolicyFile("googleads.g.doubleclick.net");
    Security.loadPolicyFile("gdata.youtube.com");
    Security.allowInsecureDomain("www.youtube.com");
    Security.allowInsecureDomain("http://www.youtube.com");
    Security.allowInsecureDomain("*.youtube.com");
    Security.allowInsecureDomain("s.ytimg.com");
    Security.allowInsecureDomain("http://s.ytimg.com");
    Security.allowInsecureDomain("s2.ytimg.com");
    Security.allowInsecureDomain("*.ytimg.com");
    Security.allowInsecureDomain("i1.ytimg.com");
    Security.allowInsecureDomain("i2.ytimg.com");
    Security.allowInsecureDomain("i3.ytimg.com");
    Security.allowInsecureDomain("googleads.g.doubleclick.net");
    Security.allowInsecureDomain("gdata.youtube.com")
    YouTube's own ActionScript player example gives the same warnings. I think it might be something to do with the way the API is loaded, because instead of using a Loader & URLRequest I use:
    <s:SWFLoader id="swfload" source="http://www.youtube.com/apiplayer?version=3"/>
    Then in ActionScript:
    protected var player:Object;
    player=swfload.content;
    Then access the API like this:
    player.setPlaybackQuality(q);
    Every attempt I made to use a Loader resulted in an error when accessing the API: "Access of undefined property setPlaybackQuality", but when loaded into an Object like YouTube's own example, Flex does not check for these functions before compiling and accesses them after they have loaded. I tried finding out about bridges among other things, but even the YouTube forums cannot answer this one and it is a common problem.
                Security.allowDomain("www.youtube.com");
                Security.allowDomain("s.ytimg.com");
                Security.allowDomain("s2.ytimg.com");
                Security.allowDomain("*.youtube.com");
                Security.allowDomain("*.ytimg.com");
                Security.allowDomain("com.google.utils.SafeLoader");
                Security.allowDomain("http://s.ytimg.com");
                Security.allowDomain("http://www.youtube.com/apiplayer?version=3");
                Security.allowDomain("o-o.preferred.lhr14s07.v15.lscache6.c.youtube.com");
                Security.allowDomain("i1.ytimg.com");
                Security.allowDomain("i2.ytimg.com");
                Security.allowDomain("i3.ytimg.com");
                Security.allowDomain("i4.ytimg.com");
                Security.allowDomain("http://www.youtube.com");
                Security.allowDomain("googleads.g.doubleclick.net");
                Security.allowDomain("gdata.youtube.com");
                Security.allowDomain("http://s0.2mdn.net");
                Security.allowDomain("http://pagead2.googlesyndication.com");
                Security.loadPolicyFile("http://www.youtube.com/crossdomain.xml");
                Security.loadPolicyFile("http://s2.youtube.com/crossdomain.xml");
                Security.loadPolicyFile("www.youtube.com");
                Security.loadPolicyFile("http://www.youtube.com");
                Security.loadPolicyFile("s.ytimg.com");
                Security.loadPolicyFile("http://s.ytimg.com");
                Security.loadPolicyFile("s2.ytimg.com");
                Security.loadPolicyFile("i1.ytimg.com");
                Security.loadPolicyFile("i2.ytimg.com");
                Security.loadPolicyFile("i3.ytimg.com");
                Security.loadPolicyFile("googleads.g.doubleclick.net");
                Security.loadPolicyFile("gdata.youtube.com");
                Security.allowInsecureDomain("www.youtube.com");
                Security.allowInsecureDomain("http://www.youtube.com");
                Security.allowInsecureDomain("*.youtube.com");
                Security.allowInsecureDomain("s.ytimg.com");
                Security.allowInsecureDomain("http://s.ytimg.com");
                Security.allowInsecureDomain("s2.ytimg.com");
                Security.allowInsecureDomain("*.ytimg.com");
                Security.allowInsecureDomain("i1.ytimg.com");
                Security.allowInsecureDomain("i2.ytimg.com");
                Security.allowInsecureDomain("i3.ytimg.com");
                Security.allowInsecureDomain("googleads.g.doubleclick.net");
                Security.allowInsecureDomain("gdata.youtube.com")

  • HTTPService Security Sandbox Violation

    Hello there.
    Using the HTTPService component to the URL that is seen
    below,
    I get the following message:
    [SWF]
    D:\AdobeFlexTraining\_workspace\AdobeODT\bin-debug\AdobeODT.swf -
    1,042,346 bytes after decompression
    *** Security Sandbox Violation ***
    Connection to
    212.199.178.211:4000/WebLogger/Logger?op=get%5Froute&UNIT%5FID=demo
    halted - not permitted from
    file://D:\AdobeFlexTraining\_workspace\AdobeODT\bin-debug\AdobeODT.swf
    I have a trial version of Flex Builder 3.
    How can I run this request, nevertheless.
    Thanks

    Probably FB, being an IDE, allows you to act as if you were
    on the network, so -use-network=true may be ignored (unless you
    execute the SWF outside of FB).
    The command line probably respects -use-network=true so for
    testing set to false, and when putting the SWF on the network set
    to true.

  • Security sandbox violation

    Can someone please help me see what's wrong with this picture?  Why is this security error happening?  Is there something I need to change with my crossdomain.xml file?
    LoadURL loadError [SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2048: Security sandbox violation: http://www.mysite/mySWF.swf cannot load data from http://mysite.com/scripts/myScript.php."]
    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <site-control permitted-cross-domain-policies="master-only" />
    <cross-domain-policy>
    <allow-access-from domain="mysite.com" />
    <allow-access-from domain="www.mysite.com" />
    <allow-access-from domain="*.mysite.com" />
    </cross-domain-policy>

    nevermind, idk why I put the site control node outside of the cross-domain-policy root.

  • *** Security Sandbox Violation *** problem

    Dear All,
    I having the Security problem
    My Scinarion
    I have an Exe (With SWISH Studio) / Swf file which is on Local Machine calles a swf file which on Server and that Swf file call a XML file which is on a Same Server
    While Compiling the SWF file gives the following error message of
    *** Security Sandbox Violation ***
    SecurityDomain 'http://www.mydomain.com/folder/swfname.swf?mathrand=Wed Apr 8 19:39:27 GMT+0530 2009' tried to access incompatible context 'file:///D|/folder/swfname.swf'
    I have already tried for
    System.security.allowDomain("*");   and   crossdomain.xml
    But it dosen't worked for me
    I will appriciate if any one can give me a ray of hope to solve this problem
    Please give me some solution
    Regards
    Raj

    Dear Kglad,
    Thanks for your instant reply as I have already mention I have tried with crossdomain.xml
    If you want to check the crossdomain and the fla files then I will mail u the details please provide me the email address
    Once again thanks
    Regards
    Raj

Maybe you are looking for

  • Can't find my music in iTunes - new hard drive

    I just had my computer repaired and they replaced the hard drive. Before I took it in for repair, I backed up all my data including music. But to do this I just copied all my files onto an external hard drive (I did not use any specific back up progr

  • Using the Axis Framework in the SOAP Adapter

    Hello experts, I am currenty checking how I can easily manipulate sender and receiver details and how I could get attachments into XI. I saw in the sap help that it is possible to use the AXIS framework from the SOAP adapter: http://help.sap.com/saph

  • ECS payment using F110

    Dear Friends, We are using F110 for Vendor Payments for printing cheques . Now we want to make Vendor Payment through ECS . Please guide me how we can do it ? Regards Nilesh Vakil

  • 13" macbook pro can't detect tv

    So once again I am wondering if anyone can offer a solution for this problem; my 13'' macbook pro will not detect any tv that it is connected to.  I have tried both a 42'' Vizio and a 40" Samsung.  I got it to connect two times, and then nothing. Hel

  • Color difference in prints between LR vs printer managed colors

    Hi, I get a slight difference in color in my prints my when I use LR prifile vs Canon printer managed. The Canon is much truer to what I see on both monitors which, btw, are calibrated. LR throws in a slight magenta cast. Is there a way to correct th