Reader X Security Sandbox - adding exceptions (plugin)
The "Inside Adobe Reader X protected mode" articles briefly mention that the Sandbox should be programmatically configurable (using AddRule()).
Also the reader X SDK should contain some sample code for adding rules, but I don't see the example anywhere. Searching the whole SDK for terms like "broker", "sandbox" or "addrule" also doesn't find anything.
How to configure the security sandbox to allow writing to a specific location in the registry (under HKCU)?
How to configure the security sandbox to allow writing to a specific directory on the filesystem?
I've read ur post on your blog and replied to it but i didn't see my reply being posted.
The issue with us is that whenever we open Adobe Reader our plugin opens "myApp.exe".
with protected mode on, it gives an exception: shell execute exeception cannot launch "myApp.exe" (something like that)
and in the protected mode Log on, i can see that we need to use the whitelist policy " process_All_exec"
using that pointing to our "myApp.exe" this removes the initial error but tries to open "myApp.exe" from C:\Windows\sytem32 which is weird because "myApp.exe" is in programFiles.
and in your blog i read something dangerous "The general rule seems to be: don’t try to talk to other processes " if so, why do we have process_all_exec ?
i am kinda turning in looops in all the forums... and no real solution, no samples..
Similar Messages
-
Security Sandbox Violation Crashes Photoshop
====================================================
Problem:
====================================================
I have a Photoshop extension whose main app launches a popup window, and that popup window displays an image via a HTTP source and it has a custom event. When a button click dispatches that custom event, and that event listener opens a local file on the system, Photoshop crashes after a Security Sandbox Violation.
I am building a demo that incorporates LiveCycle DataServices and ColdFusion to synchronize data between a web application and the extension. Part of the application includes previewing images from the extension over HTTP. However, to open the image in PS after viewing the preview, I use the Photoshop DOM method open(filePath) which accesses the local file system.
The problem seems to be that network access and local file access are mutually exclusive in Flash/Flex. If I use the -use-network=false compiler option, then the image will open properly via the DOM, but then I would not be able to preview the images over HTTP.
Questions:
1) Is there a way in the CS SDK to enable *both* local file system access *and* network access?
2) If not, then can you suggest a workaround?
3) Would you agree that this would be a defect in Photoshop and that PS should not crash upon a Flash Player security exception?
Thank you,
Steven Erat
====================================================
Environment
====================================================
Photoshop CS5 Extended 12.01 x32
Flash Builder 4
CS SDK 1.02
Extension Builder SDK 3.4
MacBook Pro / OS X 10.5 / Intel Core 2 Duo 2.66 GHz / Procs: 1 / Cores: 2 / Memory: 8 GB
App configured for Photoshop CS5 and Photoshop CS5 Extended
====================================================
NewsAgencyPhotos.mxml (the main app)
====================================================
<?xml version="1.0" encoding="utf-8"?>
<mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" xmlns="com.stevenerat.news.*"
horizontalScrollPolicy="off" verticalScrollPolicy="off" verticalGap="0"
layout="vertical" horizontalAlign="left" backgroundColor="#353535"
historyManagementEnabled="false"
creationComplete="getPhotos();">
<mx:Script>
<![CDATA[
... public var selectedPhoto:String;
public function handlePhotoClick(data:Object):void {
var PreviewImageWindow:PreviewImage = PreviewImage(PopUpManager.createPopUp(this,PreviewImage,true));
var filePath:String = data.dirPath + data.fileName;
PreviewImageWindow.addEventListener("openImageEvent",handleImageOpenEvent);
PreviewImageWindow.setFileName(data.fileName);
PreviewImageWindow.setFilePath(filePath);
PreviewImageWindow.y = 0;
PreviewImageWindow.x = 0;
private function handleImageOpenEvent(event:Event):void{
dump(event);
public function dump(obj:Object):void{
trace(mx.utils.ObjectUtil.toString(obj));
====================================================
PreviewImage.mxml (the popup)
====================================================
<?xml version="1.0" encoding="utf-8"?>
<mx:TitleWindow xmlns:mx="http://www.adobe.com/2006/mxml" title="Preview Image"
creationComplete="init();">
<mx:Metadata>
[ Event( name="openImageEvent", type="flash.events.Event") ]
</mx:Metadata>
<mx:Script>
<![CDATA[
public function init():void{
this.title = 'Previewing: ' + fileName;
previewImg.source = "http://localhost:8500/LR_AUTO/imported/previews/" + fileName;
previewImg.visible = true;
imgProgressBar.visible=true;
private function openImage():void{
NewsAgencyPhotoshop.open(this.filePath);
var openImageEvent:Event = new Event("openImageEvent");
dispatchEvent(openImageEvent);
closePopup();
<mx:Button id="btnOpen" label="OPEN" visible="false" click="openImage()"/>
====================================================
NewsAgencyPhotoshop.as
====================================================
public static function open(filePath:String):void
var app:Application = Photoshop.app;
var file:File = new File(filePath);
app.open(file);
====================================================
Extension Builder console output
====================================================
[SWF] StageManager-2.0.swf - 1,188,270 bytes after decompression
2/15/2011 10:37:57.747 [INFO] com.adobe.csxs.stagemanager.StageManager creationComplete()
2/15/2011 10:37:57.765 [INFO] com.adobe.csxs.stagemanager.external.ExternalEventReceiver ExternalInterface callback registered.
2/15/2011 10:37:57.767 [INFO] com.adobe.csxs.stagemanager.external.CSXSEventReceiver ExternalInterface callback registered.
2/15/2011 10:37:57.770 [INFO] com.adobe.csxs.command.GetPendingStageManagerIdCommand calling GetPendingStageManagerId through ExternalInterface
2/15/2011 10:37:57.784 [INFO] com.adobe.csxs.command.GetPendingStageManagerIdCommand execute() PlugPlug returned StageManager ID.
2/15/2011 10:37:57.828 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension CH
2/15/2011 10:37:57.829 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension com.example.helloworld.extension1
2/15/2011 10:37:57.830 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension BASICAMFCONNECTOR
2/15/2011 10:37:57.830 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension CSREVIEW
2/15/2011 10:37:57.831 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension HELLOPHO
2/15/2011 10:37:57.831 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension KLR
2/15/2011 10:37:57.831 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension com.stevenerat.news.extension1
2/15/2011 10:37:57.832 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension CREATENEWCSREVIEW
2/15/2011 10:37:57.832 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension NETAVERAGES
2/15/2011 10:37:57.833 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension com.adobe.rc.mymessages
2/15/2011 10:37:57.834 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension CHWE
2/15/2011 10:37:57.834 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension com.adobe.rc.operationalmessages
2/15/2011 10:37:57.834 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension STORY
2/15/2011 10:37:57.835 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension FRIO
2/15/2011 10:37:57.835 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension MINIBR
2/15/2011 10:37:57.836 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension BLCSLIVE
2/15/2011 10:37:57.837 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension CHSIGNIN
2/15/2011 10:37:57.837 [INFO] com.adobe.csxs.stagemanager.model.ExtensionManager Adding extension swfpanel-onOne-0
2/15/2011 10:37:57.838 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLoader ExtensionLoader() registering ExternalInterface callback loadExtension
2/15/2011 10:37:57.839 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLoader ExtensionLoader() registering ExternalInterface callback unloadExtension
2/15/2011 10:37:57.840 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLoader checkLoadingQueue()
2/15/2011 10:37:57.842 [INFO] com.adobe.csxs.command.GetLoadingQueueCommand calling GetLoadingQueue through ExternalInterface
2/15/2011 10:37:57.846 [INFO] com.adobe.csxs.command.GetLoadingQueueCommand execute() PlugPlug returned extensions to be loaded.
2/15/2011 10:37:57.847 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLoader loadExtension() com.stevenerat.news.extension1
2/15/2011 10:37:57.851 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager Extension com.stevenerat.news.extension1 is not a plugin extension -> validating.
2/15/2011 10:37:57.857 [INFO] com.adobe.csxs.stagemanager.security.impl.ExtensionValidator In debug mode the extension signature is not validated.
2/15/2011 10:37:57.861 [INFO] com.adobe.csxs.command.SetExtensionSignedCommand calling SetIsSigned through ExternalInterface
2/15/2011 10:37:58.071 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager doLoadExtension() Extension com.stevenerat.news.extension1 loaded.
2/15/2011 10:37:58.185 [INFO] com.adobe.csxs.stagemanager.window.ExtensionWindow onCreationComplete()
[SWF] Users/stevenerat/Library/Application Support/Adobe/CS5ServiceManager/extensions/com.stevenerat.news/NewsAgencyPhotos.swf - 1,958,036 bytes after decompression
2/15/2011 10:37:58.398 [INFO] com.adobe.csxs.stagemanager.window.ExtensionWindow Loading of extension com.stevenerat.news.extension1 complete.
2/15/2011 10:37:58.400 [INFO] com.adobe.csxs.stagemanager.window.impl.SWFEventDispatcher Loading of extension com.stevenerat.news.extension1 complete.
2/15/2011 10:37:58.503 [INFO] com.adobe.csxs.stagemanager.external.CSXSEventReceiver receiveExternalEvent() dispatching CSXSEvent to all extensions...
2/15/2011 10:37:58.504 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager Dispatching event of type com.adobe.csxs.internally.events.BroadcastEvent to all extensions.
2/15/2011 10:37:59.426 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLifeCycleNotifier onExtensionComplete()
2/15/2011 10:37:59.428 [INFO] com.adobe.csxs.command.SetExtensionLoadedCommand calling SetIsLoaded through ExternalInterface
2/15/2011 10:37:59.430 [INFO] com.adobe.csxs.stagemanager.extension.impl.ExtensionLifeCycleNotifier dispatchInvokeEvent()
2/15/2011 10:37:59.433 [INFO] com.adobe.csxs.command.CheckStartOnEventCommand calling CheckStartOnEvent through ExternalInterface for com.stevenerat.news.extension1
2/15/2011 10:37:59.437 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowStateManager onExtensionComplete()
2/15/2011 10:37:59.445 [INFO] com.adobe.csxs.stagemanager.window.impl.SWFEventDispatcher dispatchEventToExtension() Dispatching event of type com.adobe.csxs.events::StateChangeEvent to extension com.stevenerat.news.extension1
2/15/2011 10:37:59.451 [INFO] com.adobe.csxs.stagemanager.external.CSXSEventReceiver receiveExternalEvent() dispatching CSXSEvent to all extensions...
2/15/2011 10:37:59.451 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager Dispatching event of type com.adobe.csxs.internally.events.BroadcastEvent to all extensions.
2/15/2011 10:37:59.488 [INFO] com.adobe.csxs.stagemanager.external.CSXSEventReceiver receiveExternalEvent() dispatching CSXSEvent to all extensions...
2/15/2011 10:37:59.488 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager Dispatching event of type com.adobe.csxs.internally.events.BroadcastEvent to all extensions.
2/15/2011 10:38:03.763 [INFO] com.adobe.csxs.stagemanager.window.impl.SWFEventDispatcher dispatchEventToExtension() Dispatching event of type com.adobe.csxs.events::StateChangeEvent to extension com.stevenerat.news.extension1
2/15/2011 10:38:16.926 [INFO] com.adobe.csxs.stagemanager.window.impl.SWFEventDispatcher dispatchEventToExtension() Dispatching event of type com.adobe.csxs.events::StateChangeEvent to extension com.stevenerat.news.extension1
2/15/2011 10:38:17.236 [INFO] com.adobe.csxs.stagemanager.external.CSXSEventReceiver receiveExternalEvent() dispatching CSXSEvent to all extensions...
2/15/2011 10:38:17.237 [INFO] com.adobe.csxs.stagemanager.window.impl.WindowManager Dispatching event of type com.adobe.csxs.internally.events.BroadcastEvent to all extensions.
*** Security Sandbox Violation ***
SecurityDomain 'http://localhost:8500/LR_AUTO/imported/ERAT_STEVEN_20110122_060.jpg' tried to access incompatible context 'app:/StageManager-2.0.swf'I solved this issue by creating a symbolic link on the file system so that my CS SDK project src folder now sees the directory in the file system webroot that it was previously accessing images over HTTP. The extension only sees resources over the local filesystem, not the network.
A bit of a kludge, but it would be great to have the CS SDK APE player provide a way to access the network and the file system. At the moment, I'm not aware of one.
And I'll just add that although I have a workaround, it still seems like a defect that PS would crash on a sandbox exception.
Thanks for reading! -
How to resolve security sandbox violation (Error#2148) in Flex 3 on XP?
Hi,
When I tried to access an image on c:\ (on XP), I get the following error:
*** Security Sandbox Violation ***
Connection to file:///C:\DBFiles\3.jpg halted - not permitted from http://localhost/test-debug/test.swf
-- Remote SWFs may not access local files.SecurityError: Error #2148: SWF file http://localhost/ullmanphp-debug/ullmanphp.swf cannot access local resource file:///C:\DBFiles\INDSprintOrgChart.pptx\3.jpg. Only local-with-filesystem and trusted local SWF files may access local resources.
at flash.display::Loader/_load()
at flash.display::Loader/load()
It looks like some sort of mismatch on security settings. I have done the following so far (based on what I got by googling....)
1. Flex comipler setting additional compiler arguments: -use-network=false
2. I have added a crossdomain.xml on the source directory with these lines...
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
<allow-http-request-headers-from domain="*" headers="SOAPAction"/>
However, error is still appearing. How do I fix this for testing on my local machine. I cannot move to a webserver at this time.
Thanks!.How do I set Security.sandboxType related to flash player? When I try to see it in my application through debugger it says "remote". I think I need to set it to one of the following from the adobe manual pages...
Security.sandboxType has one of the following values:
remote (Security.REMOTE)—This file is from an Internet URL and operates under domain-based sandbox rules.
localWithFile (Security.LOCAL_WITH_FILE)—This file is a local file, has not been trusted by the user, and it is not a SWF file that was published with a networking designation. The file may read from local data sources but may not communicate with the Internet.
localWithNetwork (Security.LOCAL_WITH_NETWORK)—This SWF file is a local file, has not been trusted by the user, and was published with a networking designation. The SWF file can communicate with the Internet but cannot read from local data sources.
localTrusted (Security.LOCAL_TRUSTED)—This file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data sources and communicate with the Internet.
application (Security.APPLICATION)—This file is running in an AIR application, and it was installed with the package (AIR file) for that application. By default, files in the AIR application sandbox can cross-script any file from any domain (although files outside the AIR application sandbox may not be permitted to cross-script the AIR file). By default, files in the AIR application sandbox can load content and data from any domain.
Any input on how to set it would be greatly appreciated. Thanks! -
Flex 4 + AIR 2 + mx:Image = Security Sandbox Violation!
Hi there!
I've been using Flex 4 and AIR 2 for some time now and there's a bug (or is it really one) that I always get and can't understand...
Whenever I use a <mx:Image> to load an image (JPG) on a remote server that has a valid crossdomain.xml I get some annoying warnings. Of course, these only are warnings and everything runs fine (except that) but it's a pain to debug an app that has lots of logs like that:
*** Security Sandbox Violation ***
SecurityDomain 'http://static-p3.fotolia.com/jpg/00/07/56/92/110_F_7569245_9hdeWKxUxFRNYuowdSDBNv0YFN9xTJ9 S.jpg' tried to access incompatible context 'app:/Main.swf'
I've googled it and found lots of others folks/threads about this, but none of them provide a valid solution... Seems like it's specific to AIR because some answers/solutions I found work in a basic SWF, but fail in an AIR app.
Is that a bug in Flex?
Am I wrong about the crossdomain.xml?
How could a JPG raise a Security Sandbox Violation?
Tips or tricks, anyone?AIR has different security rules because it doesn't really have a "domain"
to compare against crossdomain.xml. The warnings are annoying and
misleading and usually indicate that some code is trying to access the
bitmap inside a try/catch block. Usually you can ignore any warning that
doesn't stop execution. -
AIR, Fonts, CS4 and the security sandbox
I have no idea why embedding fonts in CS4 using library->new font includes every european character EXCEPT polish. You have german, french, spanish, norwegian, but not polish. Well, since embedding a font from Flash is the only way to use bitmap fonts in Flex, I had to create a library of external font files, one SWF per font size and style. Such an SWF exposes several functions, such as returning a ready to use pre-formatted textfield, returning the font name (Such as Tahoma) and the font name you actually need to use (such as Tahoma_13pt_st).
I thought I'd need an AIR application to parse through all the fonts (and there are quite a few) extract the neccesary data, such as font size, name and so on and generate an XML file, so that I can load fonts at dynamic.
The first problem I encountered was the security sandbox. A possible solution was to use the loaderInfo.childSandboxBridge. That approach didn't work however, as I was generating plain SWF files from flash CS4. childSandboxBridge is an AIR property, so I had to create an AIR file and try to set the bridge property to a simple number. So I did, but it gave me a
SecurityError: Error #3206: Caller app:/TahomaBold13.swf cannot set LoaderInfo property childSandboxBridge.
Weird. Well, I reverted the file to plain CS4 FPL10 SWF and decided to try another approach. I first loaded the SWF as a FileStream, then put the bytes into Loader.loadBytes. That should take care of security. And it did, however it created another problem.
The font library relies on being able to enumerate the embeded fonts. The SWF's constructor has a function that enumerates all fonts and isolates the font embeded in the SWF, and then extracts it's properties. When launching the SWF by itself, or loading it from another CS4 FPL10 SWF it launches perfectly and enumerates the fonts as it should. However when the SWF is executed from inside AIR, the constructor located in the font file, as well as a function called from the main application upon executing enumerateFonts(false) both give an empty array. Which is quite weird really, as the loaded SWF contains an input TextField with embedded fonts. And I can edit and type stuff in that textfield, even while it's rotated.
I thought this might be an issue of a different flash player version, but I tried to target AIR 1.5 and flash 9, neither worked and both returned no embeded fonts.
Here's the entire source of the mxml air app
<?xml version="1.0" encoding="utf-8"?>
<mx:WindowedApplication xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute">
<mx:Panel x="0" y="0" width="100%" height="100%" layout="absolute" title="M2C Studio Font Parser Utility">
<mx:VBox x="0" y="0" width="100%" height="100%" paddingRight="10" paddingLeft="10" paddingTop="10" paddingBottom="0">
<mx:HBox x="10" y="10" width="100%" height="95%">
<mx:VBox width="50%" height="100%">
<mx:Label text="Select font directory from filelist below"/>
<mx:FileSystemTree width="100%" height="50%" id="fileTree"/>
<mx:HRule width="100%"/>
<mx:Label text="Fonts list"/>
<mx:Text width="100%" height="50%" id="fontlist"/>
</mx:VBox>
<mx:VRule height="100%"/>
<mx:VBox width="50%" height="100%">
<mx:Label text="XML Output"/>
<mx:TextArea width="100%" height="50%" backgroundColor="#ECE9E9"/>
<mx:Canvas width="100%" height="50%" id="canv">
</mx:Canvas>
</mx:VBox>
</mx:HBox>
<mx:Button label="Generate XML from directory" width="100%" click="handlePress();"/>
</mx:VBox>
</mx:Panel>
<mx:Script>
<![CDATA[
import flash.utils.setInterval;
import com.m2cstudio.archont.utility.fonts.FontLibraryItem;
import com.m2cstudio.archont.utility.fonts.IFontLibraryItem;
import mx.accessibility.AlertAccImpl;
import mx.controls.*;
import mx.events.*;
import mx.controls.Alert;
var rx:RegExp = /^.*\.swf$/;
function handlePress():void
// This also throws an error
//Security.allowDomain("*");
var file:File = fileTree.selectedItem as File;
var aLoad:Array = new Array();
if(!file)
Alert.show("You must select a folder", "Error");
return;
} else if(!file.isDirectory) {
Alert.show("You must select a folder, not a file", "Error");
return;
var aList:Array = file.getDirectoryListing();
for each (var fil:File in aList)
if(!fil.isDirectory)
if(fil.nativePath.match(rx))
// Is swf
var fs:FileStream = new FileStream();
fs.addEventListener(Event.COMPLETE, handleFileStreamLoaded);
fs.openAsync(fil, FileMode.READ);
function handleFileStreamLoaded(e:Event):void
var fs:FileStream = e.target as FileStream;
var ld:Loader = new Loader();
var lc:LoaderContext = new LoaderContext();
var ba:ByteArray = new ByteArray();
lc.allowLoadBytesCodeExecution = true;
fs.readBytes(ba);
fs.close();
ld.contentLoaderInfo.addEventListener(Event.COMPLETE, handleLoaded);
ld.loadBytes(ba, lc);
function handleLoaded(e:Event):void
var cnt:FontLibraryItem = e.target.content as FontLibraryItem;
cnt.rotation=10; // Rotation, just to be sure it's not using system fonts
canv.rawChildren.addChild(cnt);
// This doesn't output anything - neither the main app nor the loaded SWF 'see' any embedded fonts, even though the later uses them!
for each (var f:Font in Font.enumerateFonts(false))
Alert.show(f.fontName, f.fontType);
// This should retrieve the appropriate values but throws an error because the SWF can't grab the Font definition
//Alert.show(cnt.getFontName(), cnt.getFontStyle());
]]>
</mx:Script>
</mx:WindowedApplication>
Here's a screen of what it actually looks like when compiled:
Here's the source of the font library item. Note that the SWF contains only 2 items. A TextField named font with embeded characters and a boolean bt on the first frame.
package com.m2cstudio.archont.utility.fonts
import flash.display.MovieClip;
import flash.text.*;
public dynamic class FontLibraryItem extends MovieClip implements IFontLibraryItem
private var txtFont:TextField;
private var fFont:Font;
public function FontLibraryItem()
super();
// Causes an error - see below why
//init();
public function getFontName():String
return fFont.fontName;
public function getFontType():String
return fFont.fontType;
public function getFontStyle():String
return fFont.fontStyle;
public function getBitmapText():Boolean
return this.bt;
public function getBitmapTextSize():uint
if(this.bt) {
return Number(txtFont.defaultTextFormat.size);
} else {
return 0;
public function hasGlyphs(glyphs:String):Boolean
return fFont.hasGlyphs(glyphs);
public function createTextField():TextField
var tf:TextField = new TextField();
tf.embedFonts = true;
tf.defaultTextFormat = (this.font as TextField).defaultTextFormat;
return tf;
public function init():void
if(this.font) {
txtFont = this.font;
} else {
throw new Error("Document must contain a textfield named 'font' with the embedded font");
var fArr:Array = Font.enumerateFonts(false);
if(fArr.length==0) {
throw new Error("Document does not contain any embeded fonts.");
} else if (fArr.length>1) {
throw new Error("Document must contain not more than one embedded font");
fFont = fArr[0];
I'm hoping some AIR specialists will take a look at this. Frankly I'm stumped. Font support in Flash was always black magic, more or less, so I can only hope this is an issue that can be solved.
Just tell me and I'll provide more source or sceenshots.
Cheers,
-archontI even tried porting the code to Gumbo and running it there - still, no fonts are being enumerated.
If you're too lazy to read the whole above post, here's the problem in one sentence
An SWF that contains a textfield with embedded fonts, when launched by itself succeeds to return the embedded font using Font.enumerateFonts(false), however when loaded using Loader.loadBytes into AIR, it fails to see those fonts even though the textfield in it is displayed and editable.
How do I make the loaded child application and AIR see the embedded font? -
Security Sandbox Violation when calling a remote service from a worker
From my application, I make calls to a BlazeDS server, that works fine.
I added a worker that calls the same services on the same server. But then, only for the calls from the worker, I have a Security Sandbox Violation error. I launch the application from FB in debug mode.
This is the message :
Error: [strict] Ignoring policy file at http://xxxxxxxxxxxx/crossdomain.xml due to incorrect syntax. See http://www.adobe.com/go/strict_policy_files to fix this problem.
*** Security Sandbox Violation ***
Connection to http://xxxxxxxxxxxxxx/appstore-admin/messagebroker/amfpolling halted - not permitted from file:///D:/Projects/appstoreClientsNext/MultiAppstoreAdmin/bin-debug/MultiAppstoreAdmin.swf
Error: Request for resource at http://xxxxxxxxxxxxx/appstore-admin/messagebroker/amfpolling by requestor from file:///D:/Projects/appstoreClientsNext/MultiAppstoreAdmin/bin-debug/MultiAppstoreAdmin.swf is denied due to lack of policy file permissions.
What should I do to allow the worker to make remote calls ?I made some progress on this. There are two different cases :
1) The service you want to access has a crossdomain.xml file
All the workers can access the service without a problem.
2) The service you want to access doesn't have a crossdomain.xml file
Whether you launch from FB in debug mode or you put your application on the same server you are trying to access, only the primordial worker will access the service, the other workers will encounter a security error.
I believe this is a bug. Shouldn't a worker have the same access privileges as the primordial worker ? -
Security sandbox violation: BitmapData.draw on CloudFront/S3.
I'm using Cloudfront/AS3 to stream some video in RTMP.
When I try to do a Bitmap.draw, I get this error:
[Fault] exception, information=SecurityError: Error #2123: Security sandbox violation: BitmapData.draw: [my_url] cannot access unknown URL. No policy files granted access.
Since there is no Application.xml, I can't change the <VideoSampleAccess />.
My crossdomain.xml is available.
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
<allow-http-request-headers-from domain="*" headers="SOAPAction"/>
</cross-domain-policy>
My bucket policy is:
"Version": "2008-10-17",
"Statement": [
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": {
"AWS": "*"
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::[my url]/*",
"Condition": {}
And this is my CORS configuration:
<CORSConfiguration>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>
Not sure what I must change to give myself access.
Thanks
MartinIf you don't have access to the server - you will not be able to accomplish BitmapData.draw() on the video or any of its parents. The policy error refers to streaming server side policy. If you look into RTMP traffic - you will see at what point security request goes.
I don't know what range of services Amazon cloud offers but I could imagine that, since they do offer pretty granular access to application instances, at some level it is possible to gain access to the server or engage their support to help you. I may be wrong though. -
*** Security Sandbox Violation *** when calling a You Tube video
Hi,
I get an error when I run my SWF, it says
*** Security Sandbox Violation ***
SecurityDomain 'http://s.ytimg.com/yt/swfbin/apiplayer3-vflS6GT64.swf' tried to access incompatible context 'file:///C|/Users/mww/web/crafty%20copy/10%2D11.swf'
My code is
// start of code
Security.allowDomain("www.youtube.com");
var my_playerbject;
var my_loader:Loader = new Loader();
my_loader.load(new URLRequest("http://www.youtube.com/apiplayer?version=3"));
my_loader.contentLoaderInfo.addEventListener(Event .INIT, onLoaderInit);
function onLoaderInit(e:Event):void{
movArticles.movArticle2.videoPlayerHolder.videoMov 2.addChild(my_loader);
my_player = my_loader.content;
my_player.addEventListener("onReady", onPlayerReady);
function onPlayerReady(e:Event):void{
my_player.setSize(640,360);
my_player.cueVideoById("CtOj8kpLIlI",0);
// end of code
Any help would be much apreciated, ThanksI tried adding those, as well as these :
Security.allowDomain("www.youtube.com");
Security.allowDomain("s.ytimg.com");
Security.allowDomain("s2.ytimg.com");
Security.allowDomain("*.youtube.com");
Security.allowDomain("*.ytimg.com");
Security.allowDomain("com.google.utils.SafeLoader");
Security.allowDomain("http://s.ytimg.com");
Security.allowDomain("http://www.youtube.com/apiplayer?version=3");
Security.allowDomain("o-o.preferred.lhr14s07.v15.lscache6.c.youtube.com");
Security.allowDomain("i1.ytimg.com");
Security.allowDomain("i2.ytimg.com");
Security.allowDomain("i3.ytimg.com");
Security.allowDomain("i4.ytimg.com");
Security.allowDomain("http://www.youtube.com");
Security.allowDomain("googleads.g.doubleclick.net");
Security.allowDomain("gdata.youtube.com");
Security.allowDomain("http://s0.2mdn.net");
Security.allowDomain("http://pagead2.googlesyndication.com");
Security.loadPolicyFile("http://www.youtube.com/crossdomain.xml");
Security.loadPolicyFile("http://s2.youtube.com/crossdomain.xml");
Security.loadPolicyFile("www.youtube.com");
Security.loadPolicyFile("http://www.youtube.com");
Security.loadPolicyFile("s.ytimg.com");
Security.loadPolicyFile("http://s.ytimg.com");
Security.loadPolicyFile("s2.ytimg.com");
Security.loadPolicyFile("i1.ytimg.com");
Security.loadPolicyFile("i2.ytimg.com");
Security.loadPolicyFile("i3.ytimg.com");
Security.loadPolicyFile("googleads.g.doubleclick.net");
Security.loadPolicyFile("gdata.youtube.com");
Security.allowInsecureDomain("www.youtube.com");
Security.allowInsecureDomain("http://www.youtube.com");
Security.allowInsecureDomain("*.youtube.com");
Security.allowInsecureDomain("s.ytimg.com");
Security.allowInsecureDomain("http://s.ytimg.com");
Security.allowInsecureDomain("s2.ytimg.com");
Security.allowInsecureDomain("*.ytimg.com");
Security.allowInsecureDomain("i1.ytimg.com");
Security.allowInsecureDomain("i2.ytimg.com");
Security.allowInsecureDomain("i3.ytimg.com");
Security.allowInsecureDomain("googleads.g.doubleclick.net");
Security.allowInsecureDomain("gdata.youtube.com")
YouTube's own ActionScript player example gives the same warnings. I think it might be something to do with the way the API is loaded, because instead of using a Loader & URLRequest I use:
<s:SWFLoader id="swfload" source="http://www.youtube.com/apiplayer?version=3"/>
Then in ActionScript:
protected var player:Object;
player=swfload.content;
Then access the API like this:
player.setPlaybackQuality(q);
Every attempt I made to use a Loader resulted in an error when accessing the API: "Access of undefined property setPlaybackQuality", but when loaded into an Object like YouTube's own example, Flex does not check for these functions before compiling and accesses them after they have loaded. I tried finding out about bridges among other things, but even the YouTube forums cannot answer this one and it is a common problem.
Security.allowDomain("www.youtube.com");
Security.allowDomain("s.ytimg.com");
Security.allowDomain("s2.ytimg.com");
Security.allowDomain("*.youtube.com");
Security.allowDomain("*.ytimg.com");
Security.allowDomain("com.google.utils.SafeLoader");
Security.allowDomain("http://s.ytimg.com");
Security.allowDomain("http://www.youtube.com/apiplayer?version=3");
Security.allowDomain("o-o.preferred.lhr14s07.v15.lscache6.c.youtube.com");
Security.allowDomain("i1.ytimg.com");
Security.allowDomain("i2.ytimg.com");
Security.allowDomain("i3.ytimg.com");
Security.allowDomain("i4.ytimg.com");
Security.allowDomain("http://www.youtube.com");
Security.allowDomain("googleads.g.doubleclick.net");
Security.allowDomain("gdata.youtube.com");
Security.allowDomain("http://s0.2mdn.net");
Security.allowDomain("http://pagead2.googlesyndication.com");
Security.loadPolicyFile("http://www.youtube.com/crossdomain.xml");
Security.loadPolicyFile("http://s2.youtube.com/crossdomain.xml");
Security.loadPolicyFile("www.youtube.com");
Security.loadPolicyFile("http://www.youtube.com");
Security.loadPolicyFile("s.ytimg.com");
Security.loadPolicyFile("http://s.ytimg.com");
Security.loadPolicyFile("s2.ytimg.com");
Security.loadPolicyFile("i1.ytimg.com");
Security.loadPolicyFile("i2.ytimg.com");
Security.loadPolicyFile("i3.ytimg.com");
Security.loadPolicyFile("googleads.g.doubleclick.net");
Security.loadPolicyFile("gdata.youtube.com");
Security.allowInsecureDomain("www.youtube.com");
Security.allowInsecureDomain("http://www.youtube.com");
Security.allowInsecureDomain("*.youtube.com");
Security.allowInsecureDomain("s.ytimg.com");
Security.allowInsecureDomain("http://s.ytimg.com");
Security.allowInsecureDomain("s2.ytimg.com");
Security.allowInsecureDomain("*.ytimg.com");
Security.allowInsecureDomain("i1.ytimg.com");
Security.allowInsecureDomain("i2.ytimg.com");
Security.allowInsecureDomain("i3.ytimg.com");
Security.allowInsecureDomain("googleads.g.doubleclick.net");
Security.allowInsecureDomain("gdata.youtube.com") -
I get a security sandbox error #2122 when i try to use ImageSnapshot on video player
hey guys... so all my application does is... it has a video player... and when i initiate the component it loads the flv from a different server, and plays the video... now while its playing the video i have a button called capture, and whe you hit that button the user is able to take snapshots of the current frame.
this seems to work perfectly locally, but as soon as i uploaded it to the server i get problems...
the error states:
SecurityError: Error #2122: Security sandbox violation: BitmapData.draw: http://website1.com/Content/swf/oneStopImageVersion.swf cannot access http://website2.com/videos/originals/Grand_Opening.flv. A policy file is required, but the checkPolicyFile flag was not set when this media was loaded.
at flash.display::BitmapData/draw()
at mx.graphics::ImageSnapshot$/captureBitmapData()
at modules.videoHandler::videoHandler/captureVideo()
at modules.videoHandler::videoHandler/___videoHandler_LinkButton3_click()
i have the crossdomain file in the root directory of website2.com, and i have the folloing line of code in there
<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="website1.com"/>
<allow-access-from domain="*.website1.com"/>
<allow-http-request-headers-from domain="*.website1.com" headers="SOAPAction"/>
</cross-domain-policy>
any ideas on how to fix this problem???
my actionscript code is as follows
public function captureVideo():void{
var snapshot:BitmapData = ImageSnapshot.captureBitmapData(videoPlayer.videoDisplay);
initialThumbnail.source = new Bitmap(snapshot); //this is the image tag in my mxml
any help is greatly appretiated!!!!
thanks in advance!any one with ideas???
i've been doing some more research... and found a possible solution... where i could send the video thru a server proxy... but the only thing is doing that might slow down my process... i was wondering if there was any other solution to this problem?? -
Can someone please help me see what's wrong with this picture? Why is this security error happening? Is there something I need to change with my crossdomain.xml file?
LoadURL loadError [SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2048: Security sandbox violation: http://www.mysite/mySWF.swf cannot load data from http://mysite.com/scripts/myScript.php."]
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<site-control permitted-cross-domain-policies="master-only" />
<cross-domain-policy>
<allow-access-from domain="mysite.com" />
<allow-access-from domain="www.mysite.com" />
<allow-access-from domain="*.mysite.com" />
</cross-domain-policy>nevermind, idk why I put the site control node outside of the cross-domain-policy root.
-
Security Sandbox violation, opening links in Flash player
Hi,
I have a swf content and its content served from a content management server say for eg, http://www9.abc.com into the html file which is served from http://qwww9.abc.com The links embedded in the flash were not working, when these links are clicked I get this error when tried with Flash debugger player.
*** Security Sandbox Violation ***SecurityDomain 'http://qwww9.abc.com/' tried to access incompatible context 'https://www9.abc.com/sample.swf'
I had set a crossdomain policy file in a custom location in the content management server for this issue, but with the Flash player 9,0,115,0 this stopped working due to default policy change to "master-only". I will not be able to have this policy file in the root folder of the content management server or have the policy set in the HTTP response header.
Is there anyother solution for this issue, for having the links work without setting the crossdomain policy file?
Thanks in advance...How do I set Security.sandboxType related to flash player? When I try to see it in my application through debugger it says "remote". I think I need to set it to one of the following from the adobe manual pages...
Security.sandboxType has one of the following values:
remote (Security.REMOTE)—This file is from an Internet URL and operates under domain-based sandbox rules.
localWithFile (Security.LOCAL_WITH_FILE)—This file is a local file, has not been trusted by the user, and it is not a SWF file that was published with a networking designation. The file may read from local data sources but may not communicate with the Internet.
localWithNetwork (Security.LOCAL_WITH_NETWORK)—This SWF file is a local file, has not been trusted by the user, and was published with a networking designation. The SWF file can communicate with the Internet but cannot read from local data sources.
localTrusted (Security.LOCAL_TRUSTED)—This file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data sources and communicate with the Internet.
application (Security.APPLICATION)—This file is running in an AIR application, and it was installed with the package (AIR file) for that application. By default, files in the AIR application sandbox can cross-script any file from any domain (although files outside the AIR application sandbox may not be permitted to cross-script the AIR file). By default, files in the AIR application sandbox can load content and data from any domain.
Any input on how to set it would be greatly appreciated. Thanks! -
Need some help with security sandbox stuff asap please
hey guys... so im trying to do a swfLoader call to a swf on a server from my actionscript on my local machine, when i do that i get the security sandbox violation error.... i tried adding a crossdomain.xml file to the server that has the following code in it
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
<allow-http-request-headers-from domain="*" headers="SOAPAction"/>
</cross-domain-policy>
and in my actionscript on application initialize i do
initialize="init(); Security.loadPolicyFile('http://myServer.com/crossdomain.xml')"
i also do
Security.allowDomain("http://myServer.com");
any ideas???? oh and i also went to this website http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04a.ht ml and set the always allow trust locations to "/"
any ideas on how i could possible fix this problem?? ive been trying to get around this problem for the last 2 days!!
please help!!!!Hi,
Please use policy file logging to check the exact error. This should shed some light on the problem.The procedure is detailed here.
http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_05.html
Nishad -
Error #2048: Security sandbox violation
I've been developing Flex apps for a couple of years now and feel comfortable with my development environment.
I'm testing out Gumbo in my same environment (new workspace): WAMP based
My test app works fine on my localhost set up... but when I upload the files to my hosted domain server... I get Error #2048: Security sandbox violation.
Specifically:
- I'm invoking an HTTPService by setting the url to a relative path (folder/file in same dir as the swf)
- I set method to POST and useProxy to false
(<fx:Declarations>
<s:HTTPService id="contentService" url="data/verd_content.xml" method="POST" useProxy="false" resultFormat="e4x" />
</fx:Declarations>)
- I wrapped the send call in a try / catch block and show an Alert with the error message in the catch... here's what it says
body = (null)
clientId = "DirectHTTPChannel0"
correlationId = "F4B9A542-8B00-5CDB-3C36-1316919FC255"
destination = ""
extendedData = (null)
faultCode = "Channel.Security.Error"
faultDetail = "Destination: DefaultHTTP"
faultString = "Security error accessing url"
headers = (Object)#1
DSStatusCode = 0
messageId = "E629F555-EF8B-E535-7CE4-13169662A82A"
rootCause = (flash.events::SecurityErrorEvent)#2
bubbles = false
cancelable = false
currentTarget = (flash.net::URLLoader)#3
bytesLoaded = 0
bytesTotal = 0
data = (null)
dataFormat = "text"
eventPhase = 2
target = (flash.net::URLLoader)#3
text = "Error #2048: Security sandbox violation: http://****.com/Main.swf cannot load data from http://localhost:***/data/verd_content.xml?hostport=***t.com&https=N&id=F4B9A542-8B00-5CDB -3C36-1316919FC255."
type = "securityError"
timestamp = 0
timeToLive = 0
*NOTE: I obfuscated parts of the url for security reasons
I read the other similar posts here about problems like this when using the PHP / Zend set up... but I checked the .actionScriptProperties file and it does not have any URLs in there (like localhost:port#)
I'm not using a service-config.xml file in this project... but I have set up WebORB for PHP servers and use that all the time... so I know how that works...
Is this a bug or am I missing something new in the Gumbo ?
Again: my swf file is in a folder in the webroot on my ISP
also inside that folder is another folder with an XML file in it
I'm setting an HTTPService call using the url parameter on a POST with a relative file path (folder/filename.xml)
changing the url to an absolute makes no difference...
thanks in advance for any helpSure...
here's the code that contains both the HTTPService setup and the URLLoader setup... like i said in the original post.. the HTTPService call throws the error described, whereas the URLLoader call does not:
private var loader : URLLoader = new URLLoader();
private var req : URLRequest = new URLRequest("data/***dant_content.xml");//path obfuscated
protected function Application_creationComplete():void
// This works...
loader.addEventListener( Event.COMPLETE, parseContent );
loader.addEventListener( IOErrorEvent.IO_ERROR, contentFault );
// This does not...
/* contentService.addEventListener( ResultEvent.RESULT, parseContent );
contentService.addEventListener(FaultEvent.FAULT, contentFault ); */
try
loader.load( req );
catch (err:Error)
Alert.show("In Try Catch Error Block: " + err.message);
currentState='home';
the HTTPService was set up like this: (again, i obfuscate the URLs for security)
<fx:Declarations>
<s:HTTPService id="contentService" url="data/***dant_content.xml" method="POST" useProxy="false" resultFormat="e4x" />
</fx:Declarations>
the parseContent function setup in the event listener justs reads the XML file and uses that data to build an image gallery.
hope this helps (for what its worth: I'm not doing anything serious with Gumbo as of yet due to these kinds of bugs) -
Hi,
I am trying to configure FBA with ADLDS on SharePoint 2013 Enterprise.
I have edited, web.config files for Central Admin, Security Token Application and Claim aware WebApplication.
<PeoplePickerWildcards>
<clear />
<add key="XXPROVIDERMP" value="%" />
<add key="XXPROVIDERRM" value="%" />
<add key="AspNetSqlMembershipProvider" value="%" />
</PeoplePickerWildcards>
<membership defaultProvider="i">
<providers>
<add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="XXPROVIDERMP" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C" server="CSERVER" port="389" useSSL="false" userDNAttribute="distinguishedName" userNameAttribute="userPrincipalName" userContainer="CN=Clients,CN=Extranet,DC=XXDCNAME,DC=dmz" userObjectClass="person" userFilter="(|(ObjectCategory=group)(ObjectClass=person))" scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" />
</providers>
</membership>
<roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
<providers>
<add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
<add name="XXPROVIDERRM" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C" server="CSERVER" port="389" useSSL="false" groupContainer="CN=Clients,CN=Extranet,DC=XXDCNAME,DC=dmz" groupNameAttribute="cn" groupMemberAttribute="member" userNameAttribute="userPrincipalName" dnAttribute="distinguishedName" groupFilter="(ObjectClass=group)" scope="Subtree" />
</providers>
</roleManager>
When I am trying to find user in People Picker, getting error
Error searching for "XXUSER"from role provider "XXPROVIDERNAME" Microsoft.Office.Server.Security.LdapProviderException: Unexpected exception occurred, please contact administrator to resolve this issue.
Has someone else faced this issue?Figured it !
Account which was accessing FBA didn't had permission on it. -
The Itunes store constantly asks me to Improve Apple ID Security by adding three secret questions but won't accept my valid password. I have tried to reset the password, update the billing info and it still won't let me make any purchases.
I have the same problem - it is maddening. I rely on this iPad for work so this is not just an annoyance! The above solutions of changing the appleid on the device or on the website do not work.
The old email address no longer exists - I haven't used it in a year probably and I no longer have the account. I logged into the appleid website and there is no trace of the old email address so there is nothing that can be deleted or changed there. On the iPad there is no trace of the old email address so nothing can be deleted there either. I have updated the iPad software and the same problem comes right back. Every 2 seconds I am asked to log in using the old non-existent email. The device is currently useless.
The only recent change to anything was the addition of an Apple TV device, which was set up using the correct login and password.
Does anyone have any ideas? The iPad has been backed up to the iCloud so presumably it now won't recognize the current iCloud account? So restoring may notbe an option?
Maybe you are looking for
-
List of Pricing conditions for a material
Hi, How can I view the list of all pricing condition types maintained for a material. Is it possible in standard SAP? Thanks.
-
IChat AV 3.1.8 will not allow me to SMS to a verizon phone.
Hi all . it is specific number that I cannot send a text messgae to. I can text other cell phone mobile numbers with no problems. Are there certain limitations that I am not aware of? So, instead i am using my mail client to send text messages with "
-
I bought my iPad in USA. It was set up over there.i live in Ireland.when I try to buy from apple store it doesn't accept my details and says I must put in my USA address.can this be changed?
-
Why frequent crashes after iso5 update on ipad1 and iphone3gs
After I updated to iso5 my ipad1 and iphone3gs are experiencing frequent crashes. I find that my wife's iphone4 and my daughter's 4s are working flawlessly.
-
10.6.5 Update causes minor graphic corruption?
On my Macbook, I notice the following when I open a program: as the icon bounces in the dock, the edges of the icon become jagged or pixelated and appear to "crawl" a little. This is especially noticeable when opening word or excel since the icons ha