Security sandbox on air app
I have an application that read a external swf from a website, the swf has
Security.allowDowmain("*");
inside of it, and when I try lo load it from my air app happens this.
SecurityError: Error #2070: Security sandbox violation: caller http://leftandrightsolutions.com/iglesiaviewer.swf cannot access Stage owned by app:/iglesiaFls.swf.
at flash.display::Stage/set scaleMode()
at tv.ustream.core::Application/frame1()
could someone help me? I;ve tried to use a new Security.allowDowmain("leftandrightsolutions.com") and nothing happens.
I have all the attempts from the sub-swf to set scale mode erased or at least "//" and now it doesn't shows-off any sandbox violation but now it doesn't show anything , here is my code on the
<mx:script>
private function videoViewer():void{
var videoviewer:Loader= new Loader();
videoviewer.width=800;
videoviewer.height=400;
videoviewer.load(new URLRequest("http://leftandrightsolutions.com/IglesiaViewer.swf"));
holder.addChild(videoviewer);
here is my UI component called holder.
<mx:UIComponent id="holder" width="800" height="400" left="245" verticalCenter="-261">
</mx:UIComponent>
I don't know what could have been wrong. I think I have all as the in the book.
Some help appreciated.
Gus
Similar Messages
-
Air app, Rest service, Security sandbox violation
Hi All,
I wrote an app a couple of years ago using flex 3 that connects to a number of remote web services and does various things.
This worked fine.
Now I have been asked by the customer to update the app as it stopped working at some point.
I am trying to use the resthttpservice library to do a PUT operation, but I am getting the following error when I try and create a socket to the remote server:
Error #2048: Security sandbox violation: app:/main.swf cannot load data from http://my.host:8182
Now, it's been a while since I've done anything with flex so I am rusty. But this error is usually fixed by having a crossdomains.xml file on the remote server. But it was my understanding that this was only required when one's app was running from within the browser and that desktop applications are not effected.
Can anyone clarify this for me? It seems that there were changes made to the flash player in version 10 that might have changed this.
I am very puzzled at this point!
thanks for any help!These articles discuss security changes between FP 9 and 10:
http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html
http://www.adobe.com/devnet/flashplayer/articles/fplayer9-10_security.html
What is impacted?
This change can potentially affect any SWF file accessing cross-domain content. This change affects SWF files of all versions played in Flash Player 10 and later. This change affects all non-app content in Adobe AIR (however, AIR app content itself is unaffected).
What do I need to do?
Read the article: http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html -
Flex 4 + AIR 2 + mx:Image = Security Sandbox Violation!
Hi there!
I've been using Flex 4 and AIR 2 for some time now and there's a bug (or is it really one) that I always get and can't understand...
Whenever I use a <mx:Image> to load an image (JPG) on a remote server that has a valid crossdomain.xml I get some annoying warnings. Of course, these only are warnings and everything runs fine (except that) but it's a pain to debug an app that has lots of logs like that:
*** Security Sandbox Violation ***
SecurityDomain 'http://static-p3.fotolia.com/jpg/00/07/56/92/110_F_7569245_9hdeWKxUxFRNYuowdSDBNv0YFN9xTJ9 S.jpg' tried to access incompatible context 'app:/Main.swf'
I've googled it and found lots of others folks/threads about this, but none of them provide a valid solution... Seems like it's specific to AIR because some answers/solutions I found work in a basic SWF, but fail in an AIR app.
Is that a bug in Flex?
Am I wrong about the crossdomain.xml?
How could a JPG raise a Security Sandbox Violation?
Tips or tricks, anyone?AIR has different security rules because it doesn't really have a "domain"
to compare against crossdomain.xml. The warnings are annoying and
misleading and usually indicate that some code is trying to access the
bitmap inside a try/catch block. Usually you can ignore any warning that
doesn't stop execution. -
AIR, Fonts, CS4 and the security sandbox
I have no idea why embedding fonts in CS4 using library->new font includes every european character EXCEPT polish. You have german, french, spanish, norwegian, but not polish. Well, since embedding a font from Flash is the only way to use bitmap fonts in Flex, I had to create a library of external font files, one SWF per font size and style. Such an SWF exposes several functions, such as returning a ready to use pre-formatted textfield, returning the font name (Such as Tahoma) and the font name you actually need to use (such as Tahoma_13pt_st).
I thought I'd need an AIR application to parse through all the fonts (and there are quite a few) extract the neccesary data, such as font size, name and so on and generate an XML file, so that I can load fonts at dynamic.
The first problem I encountered was the security sandbox. A possible solution was to use the loaderInfo.childSandboxBridge. That approach didn't work however, as I was generating plain SWF files from flash CS4. childSandboxBridge is an AIR property, so I had to create an AIR file and try to set the bridge property to a simple number. So I did, but it gave me a
SecurityError: Error #3206: Caller app:/TahomaBold13.swf cannot set LoaderInfo property childSandboxBridge.
Weird. Well, I reverted the file to plain CS4 FPL10 SWF and decided to try another approach. I first loaded the SWF as a FileStream, then put the bytes into Loader.loadBytes. That should take care of security. And it did, however it created another problem.
The font library relies on being able to enumerate the embeded fonts. The SWF's constructor has a function that enumerates all fonts and isolates the font embeded in the SWF, and then extracts it's properties. When launching the SWF by itself, or loading it from another CS4 FPL10 SWF it launches perfectly and enumerates the fonts as it should. However when the SWF is executed from inside AIR, the constructor located in the font file, as well as a function called from the main application upon executing enumerateFonts(false) both give an empty array. Which is quite weird really, as the loaded SWF contains an input TextField with embedded fonts. And I can edit and type stuff in that textfield, even while it's rotated.
I thought this might be an issue of a different flash player version, but I tried to target AIR 1.5 and flash 9, neither worked and both returned no embeded fonts.
Here's the entire source of the mxml air app
<?xml version="1.0" encoding="utf-8"?>
<mx:WindowedApplication xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute">
<mx:Panel x="0" y="0" width="100%" height="100%" layout="absolute" title="M2C Studio Font Parser Utility">
<mx:VBox x="0" y="0" width="100%" height="100%" paddingRight="10" paddingLeft="10" paddingTop="10" paddingBottom="0">
<mx:HBox x="10" y="10" width="100%" height="95%">
<mx:VBox width="50%" height="100%">
<mx:Label text="Select font directory from filelist below"/>
<mx:FileSystemTree width="100%" height="50%" id="fileTree"/>
<mx:HRule width="100%"/>
<mx:Label text="Fonts list"/>
<mx:Text width="100%" height="50%" id="fontlist"/>
</mx:VBox>
<mx:VRule height="100%"/>
<mx:VBox width="50%" height="100%">
<mx:Label text="XML Output"/>
<mx:TextArea width="100%" height="50%" backgroundColor="#ECE9E9"/>
<mx:Canvas width="100%" height="50%" id="canv">
</mx:Canvas>
</mx:VBox>
</mx:HBox>
<mx:Button label="Generate XML from directory" width="100%" click="handlePress();"/>
</mx:VBox>
</mx:Panel>
<mx:Script>
<![CDATA[
import flash.utils.setInterval;
import com.m2cstudio.archont.utility.fonts.FontLibraryItem;
import com.m2cstudio.archont.utility.fonts.IFontLibraryItem;
import mx.accessibility.AlertAccImpl;
import mx.controls.*;
import mx.events.*;
import mx.controls.Alert;
var rx:RegExp = /^.*\.swf$/;
function handlePress():void
// This also throws an error
//Security.allowDomain("*");
var file:File = fileTree.selectedItem as File;
var aLoad:Array = new Array();
if(!file)
Alert.show("You must select a folder", "Error");
return;
} else if(!file.isDirectory) {
Alert.show("You must select a folder, not a file", "Error");
return;
var aList:Array = file.getDirectoryListing();
for each (var fil:File in aList)
if(!fil.isDirectory)
if(fil.nativePath.match(rx))
// Is swf
var fs:FileStream = new FileStream();
fs.addEventListener(Event.COMPLETE, handleFileStreamLoaded);
fs.openAsync(fil, FileMode.READ);
function handleFileStreamLoaded(e:Event):void
var fs:FileStream = e.target as FileStream;
var ld:Loader = new Loader();
var lc:LoaderContext = new LoaderContext();
var ba:ByteArray = new ByteArray();
lc.allowLoadBytesCodeExecution = true;
fs.readBytes(ba);
fs.close();
ld.contentLoaderInfo.addEventListener(Event.COMPLETE, handleLoaded);
ld.loadBytes(ba, lc);
function handleLoaded(e:Event):void
var cnt:FontLibraryItem = e.target.content as FontLibraryItem;
cnt.rotation=10; // Rotation, just to be sure it's not using system fonts
canv.rawChildren.addChild(cnt);
// This doesn't output anything - neither the main app nor the loaded SWF 'see' any embedded fonts, even though the later uses them!
for each (var f:Font in Font.enumerateFonts(false))
Alert.show(f.fontName, f.fontType);
// This should retrieve the appropriate values but throws an error because the SWF can't grab the Font definition
//Alert.show(cnt.getFontName(), cnt.getFontStyle());
]]>
</mx:Script>
</mx:WindowedApplication>
Here's a screen of what it actually looks like when compiled:
Here's the source of the font library item. Note that the SWF contains only 2 items. A TextField named font with embeded characters and a boolean bt on the first frame.
package com.m2cstudio.archont.utility.fonts
import flash.display.MovieClip;
import flash.text.*;
public dynamic class FontLibraryItem extends MovieClip implements IFontLibraryItem
private var txtFont:TextField;
private var fFont:Font;
public function FontLibraryItem()
super();
// Causes an error - see below why
//init();
public function getFontName():String
return fFont.fontName;
public function getFontType():String
return fFont.fontType;
public function getFontStyle():String
return fFont.fontStyle;
public function getBitmapText():Boolean
return this.bt;
public function getBitmapTextSize():uint
if(this.bt) {
return Number(txtFont.defaultTextFormat.size);
} else {
return 0;
public function hasGlyphs(glyphs:String):Boolean
return fFont.hasGlyphs(glyphs);
public function createTextField():TextField
var tf:TextField = new TextField();
tf.embedFonts = true;
tf.defaultTextFormat = (this.font as TextField).defaultTextFormat;
return tf;
public function init():void
if(this.font) {
txtFont = this.font;
} else {
throw new Error("Document must contain a textfield named 'font' with the embedded font");
var fArr:Array = Font.enumerateFonts(false);
if(fArr.length==0) {
throw new Error("Document does not contain any embeded fonts.");
} else if (fArr.length>1) {
throw new Error("Document must contain not more than one embedded font");
fFont = fArr[0];
I'm hoping some AIR specialists will take a look at this. Frankly I'm stumped. Font support in Flash was always black magic, more or less, so I can only hope this is an issue that can be solved.
Just tell me and I'll provide more source or sceenshots.
Cheers,
-archontI even tried porting the code to Gumbo and running it there - still, no fonts are being enumerated.
If you're too lazy to read the whole above post, here's the problem in one sentence
An SWF that contains a textfield with embedded fonts, when launched by itself succeeds to return the embedded font using Font.enumerateFonts(false), however when loaded using Loader.loadBytes into AIR, it fails to see those fonts even though the textfield in it is displayed and editable.
How do I make the loaded child application and AIR see the embedded font? -
Any solution for Launching Air Apps from Sandboxed Chrome and Safari Browsers?
Before we go and build our own plug-in (Ugh!)...
As of early this year, we could no longer launch our Air application from Chrome. Now Safari (with Mavericks) has Sandboxed Flash with their browser and it will no-longer launch our application.
Does anyone have any helpful advice (beyond building our own plug-in)?
Thanks,
LeoFor the Chrome issue, I added instructions on how to manually enable an exception so that the plugin could run. The easier way to get it working is to have them install an Air app from the browser using a Flash badge. This didn't work for us since our app needs a native installer. Another option is to have our user install another Air app from our site. The exception is created for the site and the Air plugin so even though it would be a different app, once they allowed the plugin on our site, we could launch the natively installed app after that.
I just discovered the Safari sandbox issue on Mavericks. I haven't tried either of these approaches on Safari yet. Is it the AdobeAAMDetect plugin in Safari settings that needs to be allowed?
http://support.trainerroad.com/entries/22547739-How-do-I-allow-TrainerRoad-to-be-launched- from-the-website- -
How do I create a local AIR app that loads a network resource that loads a network resource?
Ok, when you think about it, what I'm trying to accomplish
isn't that difficult, yet I'm running into security sandbox
violations all over the place.
Here's the scenario:
- I have a network-enabled SWF that lives in a web server,
that pulls external content via the network. That part works fine
when you run it as itself.
- THEN, I have an AIR application that is nothing but a
"stub" that loads that network-enabled SWF from a web server, that
in turn is supposed to pull the external content from the network.
It seems easy: I don't want to have to bundle up that same
main SWF as an AIR application as that would create two code bases
to maintain should there be any future bug fixes. Count that
against countless installs on both the web-version and the desktop
version, and there's lots of variables. So I just wanted the AIR
application to pull that single SWF off the server and have it do
its work, independent of the AIR application.
However, the problem I'm running into is:
quote:
SecurityError: Error #2142: Security sandbox violation: local
SWF files cannot use the LoaderContext.securityDomain property.
app:/buzztv_desktop_0.1.swf was attempting to load
http://localhost/widget/widget.swf.
at flash.display::Loader/_load()
at flash.display::Loader/load()
There was a previous instance of that same error that
referenced Stage, but I solved that by wrapping the main function
in an if (stage) {}, so this is the next error on the list. I have
a feeling that if I've encountered these two errors already, there
are more lined up behind them.
So I tried something like
quote:
_loader.load(request, new LoaderContext(true, null,
SecurityDomain.currentDomain));
...thinking that it might help, but it didn't.
Is there a reasonable solution to this without changing the
entire workflow of the project, or do I simply have to have the
same main SWF as two code bases, one for the embeddable web
version, and one for the desktop version (read: they are intended
to do the same exact thing, no differing features, no desktop
notifications, etc.)?
Thanks in advance!Hi,
I have simillary problem, please, did you find solution?
Thx -
Hi,
I am using the new 3.7 SDK with my mobile Flex application, and have a situation where my externally loaded swf is generating mysterious messages in the debugger console. The mobile app downloads and caches swf files from a server, then loads them on an as needed basis, and unloads them when the Flex View is discarded. The swf files contain no AS3 code, but some of the symbol instances on stage have been assigned names if that matters. When I load these swf files and turn on/off the named symbols on stage by setting their visibility property to true/false, the app spits out these trace messages in the debugger console when I debug on the device:
[trace] IDS_CONSOLE_SANDBOX
[trace] IDS_CONSOLE_SECURITY_CONTEXT
These are listed in the console as trace statements, but I have not coded these anywhere. Everything works as expected and there are no errors in the app. So my question is, what could be causing this, and could these messages cause an App Store rejection?
thxThanks for the info. I found this which helped provide some more details on the messages: http://www.seatoa.org/2013confspkrpresentations/2013.03.21/CBB%20State%20BBND%20Mapping/Ba iley%20White%20Georgia%20SBI%20Seatoa/Prezi.app/Contents/Frameworks/Adobe%20AIR.framework/ Versions/1.0/Resources/en.lproj/PlayerUILocalizable.strings
It seems I have a security sandbox violation error at runtime, and it seems there is no way to correctly fix this because of AIR's rule that it cannot load any swf into it's security sandbox. The docs for LoaderContext say: "Content in the air application security sandbox cannot load content from other sandboxes into its SecurityDomain."
It would seem that in my LoaderContext object that I pass to the Loader object to load the external swf that I could set the security domain property to the security domain of the AIR app, but that does not work at all and throws a security error and program halt. So is this a limitation of AIR or is there a correct way to load an external swf and manipulate it's movieclips on stage? -
Launching an AIR app from another (when offline)?
I have a pair of AIR applications that are meant to work
together as part of an application suite. One feature is that a
user should be able to click a button in APP_1 and launch APP_2 (if
installed). To do this I created a "LaunchButton.swf" that loads
"air.swf". This works GREAT when the user is online and "air.swf"
is able to be loaded from "
http://airdownload.adobe.com/air/browserapi/air.swf".
I tried to copy "air.swf" locally and use that instance but I am
guessing that it doesn't work due to security restrictions.
If there are any AIR engineers reading this (Oliver?) please
let me know if there is a solution to "Launching an AIR app from
another (when offline)?"
Thanks!I think theoretically it shouldn't work, and doesn't by the
response you give. Remember a functional work around isn't always a
fix. What you've essentially done is loaded the air.swf into a
sandbox bridge, bridging it between a web sandbox and an
application sandbox, therefore you're able to call its methods
without security errors. However, if the air.swf loads in another
swf, maybe a helper swf, you won't be able to access any methods in
that swf, neither will the air.swf. To my understanding, it's not
grandfathered into the sandbox bridge, but retains its web sandbox.
Before going crazy about the bad news I may have just given,
wait until Ted returns to give you a response. I could be way off
par here :) Good luck! -
Sandbox Violation: AIR + contentLoader'd SWFs versus UI components?!
I've written about this once before with respect to Yahoo Components but it just became a lot more urgent, as my attempt to add a Flash UI ColorPicker to my app resulted in generating
*** Security Sandbox Violation ***
SecurityDomain 'file:///H:/Path/To/Content/panelWithSwitchesAndTextFrames.swf' tried to access incompatible context 'app:/scribblingz.swf'
on many of my SWF's.
Is there any way around this issue that anyone is aware of? It's especially frustrating that it works perfectly without any components in the AIR library and breaks immediately after I add the first one!
Thanks in advance,
Eric.
Flash CS4 10.0.2 on Windows 7 + AIR 1.5I was able to find a workaround of the security sandbox using Loader.loadBytes();
Aleksandar Andreev's Loader class really helped:
http://blog.aleksandarandreev.com/?p=42 -
AIR App, load externally hosted SWF which loads XML
I am wondering if this is even possible, because I am getting error 2148.
I am loading in SWF files that are externally hosted into an AIR app. Everything works great!
Is it possible to have one of these child SWFs load in some type of XML data or access an XML file on the desktop/tmp?
Or if need be, should I have the AIR app do all the loading (including the other XML) and pass that to the child SWF?
Thanks in advance!
In detail:
AIR app -> Loads SWFs
SWFS -> Load XML
SWF -> displays something or does something RAD!!!
Stuff I have tried:
Ive added an mms.cfg file in the proper places, as well as, changed my adobe security settings to allow access to a "tmp" folder on desktop. The loaded SWF from an external domain loads fine however it still shows an error 2148 when trying to access an XML file within the "tmp" folder on desktop. The SWF when published is also set to "access local files"I was able to find a workaround of the security sandbox using Loader.loadBytes();
Aleksandar Andreev's Loader class really helped:
http://blog.aleksandarandreev.com/?p=42 -
SecurityError Security sandbox
Hey all,
I have actually tried a lot of ways to solve this issue but I
was just wondering if this is even possible using Sandbox Bridge.
The Problem
I have an Air Application that launches a new native window.
The native window then begins to load a external swf file
(minimal drawing widget).
I can call functions from the loaded swf file which are
defined in my Air App using parentSandBoxBridge....great!!
The problem starts when the drawing widget needs access to
the stage event listener
I get this runtime Error
SecurityError: Error #2070: Security sandbox violation:
caller DrawAir.swf cannot access Stage owned by app:/Main.swf
at flash.display::Stage/requireOwnerPermissions()
at flash.display::Stage/addEventListener()
any help would be appreciated
cheers
firdoshHello firdosh,
I've had some problem loading a swf file into an air
application a few months ago. This was due to the fact that the
external swf application was not loaded into the air application
security context. I don't know if this can help, but to fix this
problem I used the loadBytes method of the Loader object in place
of the load method. You can take a look at this article of Ted
Patrick from Adobe about this subject :
http://www.onflex.org/ted/2008/01/loaderload-vs-loaderloadbytes.php -
Problems loading Flex3 swf into AIR app
This is a challenging problem that I have reduced down to the
bare minimum and it is still reproduceable. I have built a minimal
AIR application and added a SWFLoader to it which loads a SWF file
named "Junk.swf" using an absolute path.
<?xml version="1.0" encoding="utf-8"?>
<mx:WindowedApplication xmlns:mx="
http://www.adobe.com/2006/mxml"
layout="absolute" title="Hello World">
<mx:Style>
WindowedApplication {
background-color:"0x999999";
background-alpha:"0.5";
</mx:Style>
<mx:SWFLoader
source="C:/myProjectFolder/renderers/Junk.swf" width="100%"
height="100%" />
</mx:WindowedApplication>
This works fine if I run the application from within Flex3,
however when I build an installer, install the application to my
windows vista system and execute it from the desktop the Junk.swf
will not display. If I replace the Junk.swf with another SWF of the
same name created in Flash CS3 then it will display properly when
my test app is executed from either Flex or the desktop.
The contents of the loaded SWF don't appear to be an issue
since even the simplest of Flex3 SWFs fail to display.
Interestingly when I add listeners to the SWFLoader to
determine if any errors are happening no error events are sent, but
I do receive both the INIT and COMPLETE events which tells me that
the Junk.swf is found and loaded, just not displayed.
Any assistance or even ideas that I could try would be
appreciated.that's why i added those comments about the swf's domain. for locally loaded swfs, use:
SFMltd wrote:
Hi Kglad, Thanks for the Example.
if i run my class with securityDomain = SecurityDomain.currentDomain; then it throws this error: SecurityError: Error #2142: Security sandbox violation: local SWF files cannot use the LoaderContext.securityDomain property.
The swf file im trying to load is stored locally so i guess this error makes sense. However if i comment out that line i get the same "cannot access Stage owned by app" error?
See below for class:
package {
import flash.display.MovieClip;
import flash.filesystem.File;
import flash.events.Event;
import flash.net.FileReference;
import flash.events.MouseEvent;
import flash.display.Loader;
import flash.net.URLRequest;
import flash.system.LoaderContext;
import flash.system.ApplicationDomain;
import flash.system.SecurityDomain;
public class assetPreview extends MovieClip {
private var loader:Loader;
private var mainSWF:MovieClip = new MovieClip();
public function assetPreview() {
addEventListener(Event.ADDED_TO_STAGE, initialise);
public function initialise(e:Event):void
removeEventListener(Event.ADDED_TO_STAGE, initialise);
var allowSWF:LoaderContext = new LoaderContext(false,ApplicationDomain.currentDomain);
// allowSWF.securityDomain = SecurityDomain.currentDomain;
loader = new Loader();
loader.load( new URLRequest(settingsXML.pathToSWF),allowSWF);
loader.contentLoaderInfo.addEventListener(Event.COMPLETE, viewPreview);
public function viewPreview(e:Event):void
addChild(mainSWF);
mainSWF.addChild(loader); -
Loading external swf into Air App
Hi All,
I'm building an Adobe Air App for desktop and am having problems loading an external swf. Every time i try to load i get:
SecurityError: Error #2070: Security sandbox violation........ cannot access Stage owned by app....blah blah
The file that is being loaded is in a local directory, but as i understand its in a different 'sandbox' which is a security risk.
Is there any way around this?!
Any help would be much appreciated
Many Thanks
Mattthat's why i added those comments about the swf's domain. for locally loaded swfs, use:
SFMltd wrote:
Hi Kglad, Thanks for the Example.
if i run my class with securityDomain = SecurityDomain.currentDomain; then it throws this error: SecurityError: Error #2142: Security sandbox violation: local SWF files cannot use the LoaderContext.securityDomain property.
The swf file im trying to load is stored locally so i guess this error makes sense. However if i comment out that line i get the same "cannot access Stage owned by app" error?
See below for class:
package {
import flash.display.MovieClip;
import flash.filesystem.File;
import flash.events.Event;
import flash.net.FileReference;
import flash.events.MouseEvent;
import flash.display.Loader;
import flash.net.URLRequest;
import flash.system.LoaderContext;
import flash.system.ApplicationDomain;
import flash.system.SecurityDomain;
public class assetPreview extends MovieClip {
private var loader:Loader;
private var mainSWF:MovieClip = new MovieClip();
public function assetPreview() {
addEventListener(Event.ADDED_TO_STAGE, initialise);
public function initialise(e:Event):void
removeEventListener(Event.ADDED_TO_STAGE, initialise);
var allowSWF:LoaderContext = new LoaderContext(false,ApplicationDomain.currentDomain);
// allowSWF.securityDomain = SecurityDomain.currentDomain;
loader = new Loader();
loader.load( new URLRequest(settingsXML.pathToSWF),allowSWF);
loader.contentLoaderInfo.addEventListener(Event.COMPLETE, viewPreview);
public function viewPreview(e:Event):void
addChild(mainSWF);
mainSWF.addChild(loader); -
How to resolve security sandbox violation (Error#2148) in Flex 3 on XP?
Hi,
When I tried to access an image on c:\ (on XP), I get the following error:
*** Security Sandbox Violation ***
Connection to file:///C:\DBFiles\3.jpg halted - not permitted from http://localhost/test-debug/test.swf
-- Remote SWFs may not access local files.SecurityError: Error #2148: SWF file http://localhost/ullmanphp-debug/ullmanphp.swf cannot access local resource file:///C:\DBFiles\INDSprintOrgChart.pptx\3.jpg. Only local-with-filesystem and trusted local SWF files may access local resources.
at flash.display::Loader/_load()
at flash.display::Loader/load()
It looks like some sort of mismatch on security settings. I have done the following so far (based on what I got by googling....)
1. Flex comipler setting additional compiler arguments: -use-network=false
2. I have added a crossdomain.xml on the source directory with these lines...
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
<allow-http-request-headers-from domain="*" headers="SOAPAction"/>
However, error is still appearing. How do I fix this for testing on my local machine. I cannot move to a webserver at this time.
Thanks!.How do I set Security.sandboxType related to flash player? When I try to see it in my application through debugger it says "remote". I think I need to set it to one of the following from the adobe manual pages...
Security.sandboxType has one of the following values:
remote (Security.REMOTE)—This file is from an Internet URL and operates under domain-based sandbox rules.
localWithFile (Security.LOCAL_WITH_FILE)—This file is a local file, has not been trusted by the user, and it is not a SWF file that was published with a networking designation. The file may read from local data sources but may not communicate with the Internet.
localWithNetwork (Security.LOCAL_WITH_NETWORK)—This SWF file is a local file, has not been trusted by the user, and was published with a networking designation. The SWF file can communicate with the Internet but cannot read from local data sources.
localTrusted (Security.LOCAL_TRUSTED)—This file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data sources and communicate with the Internet.
application (Security.APPLICATION)—This file is running in an AIR application, and it was installed with the package (AIR file) for that application. By default, files in the AIR application sandbox can cross-script any file from any domain (although files outside the AIR application sandbox may not be permitted to cross-script the AIR file). By default, files in the AIR application sandbox can load content and data from any domain.
Any input on how to set it would be greatly appreciated. Thanks! -
How to create a more general install package for an AIR app?
Hi,
I have been using the ADT to compile an exe of my AIR app along with some other files I want to distribute. Problem is, I would like to do more general install actions (e.g. copy a bunch of files to the users Documents directory, copy a file to the local store, install fonts etc). Right now I achieve some of these by copying stuff from the application directory on the first run, but that is rather kludgy. Currently I am looking at using InstallShield or InstallAnywhere to do what I want out of the can, but I thought I'd see if anyone has some more AIR-friendly suggestions...
Thanks!In my case I managed to work around the issues we were having by doing a configuration pass on the first run of the app. That means I had to basically put all the data I needed in my assets directory using the ADT compiler, then determine if it is a first run as follows:
var locationPrefsObj:SharedObject = SharedObject.getLocal("PrefsObj");
if ( !locationPrefsObj.data.hasOwnProperty("appCreatedDate")
|| ( locationPrefsObj.data.appCreatedDate != File.applicationDirectory.creationDate.toString() ) )
firstRun();
else {
initConfig();
// initialize an existing config
The firstRun function will obviously be very bespoke, but you need to set the SharedObject at the end of it to make sure it doesn't get called every time.
// this function is only run straight after an install
private function firstRun():void {
var success:Boolean = false;
// do your first run stuff here and mark success=true if you are happy
if ( success ) {
// set the appCreatedDate - then a future install can identify dirt left by the previous install
var locationPrefsObj:SharedObject = SharedObject.getLocal("PrefsObj");
locationPrefsObj.data.appCreatedDate = File.applicationDirectory.creationDate.toString();
locationPrefsObj.flush();
Other gotchas I hit:
(1) You can copy things from the assets folder no problem, but to move or delete anything (so as not to leave lots of extra stuff hanging around), you need to (a) run with administrator privileges on Vista and w7 (the elevation happens automatically if you leave the "Run after install" box checked on an ADT install), and (b) work around the Flash security model that says you can't delete anything from a subdirectory of Program Files under any circumstances. I got around this by something like:
// delete a file
new File(File.applicationDirectory.resolvePath("assets/fileToBeDeleted").nativePath).deleteFi le();
It's a bit nasty as it violates the security model, but until ADT lets you put stuff in two install locations I can't see another way to clean up the install properly.
(2) I tried to install fonts (using VB and other stuff), but it is a real mess - the models in all different flavours of Windows seem to be different. I gave up as our software could get around it another way ...
Hope that helps!
Maybe you are looking for
-
Windows XP home edition Firefox 6.0
-
My question is a simple one: Are columnbreaks considered to be part of version 1.0 of TLF? And if not, does anybody know a workaround on how to achieve this? thanks a lot in advance, Roland
-
When the distribution points were configured, we used the Site Server Computer Account. Now we would like to change to a service account and remove the site server computer account from the local administrators group (and add the the service accoun
-
Master detail forms..increase the detail rows by clicking a button
hi all, i have a problem, in my master detail form i have set the details rows as 8. can i give an option to the user such as a button, on clicking which he can increase the number of detail rows by say 2 or 3. can any one help me out on this??? Than
-
MacBook Pro 2011 Snow Leopard Constant Kernel Panics
Before the Kernel Panics I was getting a lot of screen flickering and feezing. After my operating system Snow Leopard 10.6.8 was reinstalled and a new logic board put in I started getting Kernel Panics. Back to the Apple store and my computer went ou