I have some, say, weird situation... Here is what it is:
Flash application which records audio on one server and uploads it on another server.
So, as you likely guessed, I faced that security sandbox violation exceptions/errors and it seems I have to add crossdomain.xml to the root of the server. Ok, did it, but it seems it didn't get downloaded or download process is interupted, so I keep getting this errors.
Could somebody point me to my mistakes, please? I really don't getting what I am doing wrong.
Here is the error I get while trying to upload audio:
Error #2044: Unhandled securityError:. text=Error #2170: Security sandbox
violation: https://ip1/bar/foo cannot send HTTP headers to https://ip2/foo/bar
Here is the content of my crossdomain.xml (test version):
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
p.s. And, yes, crossdomain.xml is accessable via https://ip2/crossdomain.xml address.
ADDITIONAL INFO
I enabled flash logs and was surprised to know that flash is unable to get crossdomain.xml, though it is accessable via browser (with a clause that it is https and it states that there is a certificate issue, or smth like that).
Warning: Failed to load policy file from https://192.168.22.103/crossdomain.xml
ADDITIONAL INFO PART 2
Here is the warning I have in browser in case I try to access crossdomain.xml manually:
Here is the request to download crossdomain.xml ends up with http status code = 0:
Finally, I found out what the problem was. As I developed this application for Internet Explorer there was some tricky things to make it work. As you can see in this picture: there is "The security certificate presented by this website was issued for a different website's address" warning. The thing is that Internet Explorer ALWAYS warns users about this by default and this is the problem which prevents flash player from downloading flash policy file (crossdomain.xml). To override this behaviour you just need to:
Go to the Internet Explorer settings: Click cogwheel icon -> Internet options
Go to advanced tab
Scroll down to the end of the settings list and uncheck "Warn about certificate address mismatch".
IMPORTANT: Kill all instances of IE (if any, check in the Task Manager).
After these steps flash shouldn't have problems with fetching crossdomain.xml.
Really hope that this will help other flex developers avoid such type of issues. Cheers!
Have you tried Security.allowDomain()?
I had similar problem. It was a little bit different because I had sockets involved, but I found that there are some changes in how the flash player uses policy files. You may find this helpful http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html
At least it helped me and I wrote this article, which is like conclusion of my case.
Take a look at this paragraph:
Adobe has filed with IANA, the Internet Assigned Numbers Authority, to
reserve port 843 for the purposes of serving socket policy files. By
introducing a centralized location for socket policy files, Flash
Player enables a system administrator to define what ports are
available through one master policy that overrides any other policy
file on the host. If Flash Player 9,0,124,0 cannot retrieve a master
policy file from port 843, then it requests a socket policy file on
the port where it is trying to connect. However, if a policy file is
available from a service on TCP port 843, then Flash Player considers
that to be the authoritative set of permissions for that system.
In my project I just serve the crossdomain.xml file in a specific port.
I had a similiar problem; the .swf on localhost was connecting with REST API over https on a remote server, which had a crossdomain file, but it was throwing 2170. For me the solution was to serve the localhost .html file containing the .swf also on https - that made the problem go away.
Related
I'm currently hosting a flash game on my website which is https: .
I've added a crossdomain file that specifies I only allow access from this website that my flash application is hosted on.
If I download the swf file and try to run it from my local computer, it wont let me (which is what I wanted), however, if i go to flash -> global settings -> Advanced -> trusted location settings , and add the file that I've downloaded to the trusted locations, It will ignore the crossdomain and let me play (which is not what I want).
here's my crossdomain policy file:
$#"<cross-domain-policy>
<allow-access-from domain=""{Domain}""/>
<site-control permitted-cross-domain-policies=""master-only""/>
<allow-http-request-headers-from domain=""{Domain}"" headers=""*"" secure=""true""/>
</cross-domain-policy>";
I would appreciate any kind of help :=)
I am running a host in MAMP, reachable via http://localhost:8888 and https://myapp.co.uk:8890
My problem is that my flexunit tests are unable to reach a php script running on that host.
At the root is crossdomain.xml file:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies='all'/>
<allow-access-from domain='*' to-ports='*'/>
<allow-access-from domain="localhost" to-ports="*"/>
</cross-domain-policy>
The crossdomain.xml file can be read via either host in my browser.
I am trying to reach a php script, again I can reach this via either host in my browser.
If I set the build configuration to the defaults, I get a straight IOError. If I set the build configuration to use -use-network=true I get:
Warning: Failed to load policy file from https://myapp.co.uk:8890/crossdomain.xml
Followed by a Security Sandbox Violation:
connection to https://myapp.co.uk:8890/path/to/script.php halted -
not permitted from file:///Users/me/path/to/output/_flexunit.swf
It doesn't matter whether I leave the crossdomain.xml file to be loaded automatically, or explictly load it using Security.loadPolicyFile(...)
I'm running my flexunit tests via the flexunit task in IntelliJ IDEA.
Any suggestions? I'm stumped.
Addition: a swf of the application is able to reach the MAMP files no problem, it's only the flexunit test that isn't able to. I'm wondering if it might be something to do with the sockets to get the test results back in to IntelliJ IDEA.
It's a security issue, you can't allow website access for swf on your computer with crossdomain.xml. You have to manually specify trusted SWF or directory on your computer.
Right click on flash player and go to Global Settings.
Open Global Security Settings panel
Click on Edit locations and Add file or folder.
You can look at this site for information with screenshot.
My swf application at domain http://domain1.com/myroot/ must use resources from domain http://domain2.com/myroot2/
When the swf trys to access resources from secondary domain, it get SecurityError:
Error #2048: Security sandbox violation.
It appears because my application tries to load crossdomain.xml (from http:/domain2.com/crossdomain.xml) by default.
My problem is that I do not have access to domain2.com root directory to put the file crossdomain.xml there. I can put it only in http:/domain2.com/myroot2/ directory.
My question is: How to force my swf application to search crossdomain.xml in http:/domain2.com/myroot2/?
P.S. Security.loadPolicyFile("http://domain2.com/myroot2/crossdomain.xml") does not work because by default used metapolicy "master-only" that makes ignore all Security.loadPolicyFile usages.
Flash's new sandbox security requires you to always have a crossdomain policy file on the root of the server. If you are going to put a crossdomain file in the subdirectory, the root's master crossdomain file must allow that on the server.
loadPolicyFile should do it
Security.allowDomain( 'http://domain2.com' );
Security.loadPolicyFile( 'http://domain2.com/myroot2/pf.xml' );
As the title implies i have problems making a very simple (actually an empty project) to run!
I always get the follwing error:
SecurityError: Error #2148: SWF file file:///C:/Users/Σάββας/Adobe Flash Builder 4/Test/bin-debug/Test.swf cannot access local resource file:///C:/Users/Σάββας/Adobe Flash Builder 4/Test/bin-debug/osmf_flex.4.0.0.13495.swf. Only local-with-filesystem and trusted local SWF files may access local resources.
at flash.net::URLStream/load()
at flash.net::URLLoader/load()
at mx.core::CrossDomainRSLItem/load()[E:\dev\4.0.0\frameworks\projects\framework\src\mx\core\CrossDomainRSLItem.as:240]
at mx.core::RSLListLoader/loadNext()[E:\dev\4.0.0\frameworks\projects\framework\src\mx\core\RSLListLoader.as:184]
at mx.core::RSLListLoader/load()[E:\dev\4.0.0\frameworks\projects\framework\src\mx\core\RSLListLoader.as:156]
at mx.preloaders::Preloader/initialize()[E:\dev\4.0.0\frameworks\projects\framework\src\mx\preloaders\Preloader.as:279]
at mx.managers::SystemManager/http://www.adobe.com/2006/flex/mx/internal::initialize()[E:\dev\4.0.0\frameworks\projects\framework\src\mx\managers\SystemManager.as:1925]
at mx.managers::SystemManager/initHandler()[E:\dev\4.0.0\frameworks\projects\framework\src\mx\managers\SystemManager.as:2419]
Is there something i have done wrong? Ι also tried to debug (the empty application) with no success!!
I tried to set the Global Security Settings for the folders involved in developing to always allow but the result is the same!!
My problem is that i will not be able to debug the application which is of verrrryyyy annoying.
I 'm using Flashbuilder 4, FlexSDK4, Mozilla.
Any hint is appreciated!
This error occurs when you try to open an application that uses RSLs in the standalone player or in the browser by using the file system and not a server. It means that you are violating the security sandbox of Flash Player by trying to load file resources.
You must deploy your application and RSLs to a network location, and request the application with a network request so that Flash Player will load the RSL.
If you are testing the application locally, you can add the directory to your Player trust file to avoid this error.
What is a security sandbox violation, and how do I override it? I'm making a project in FlashDevelop, and today, it will not load external files, even though it had been previously. It gives the following output:
************* Security Sandbox Violation ********* Connection to
file:///C|/Documents%20and%20Settings/Kevin.PC885314341208/Desktop/Import%20.txt/StockData/1.txt
halted - not permitted from
file:///C|/Documents%20and%20Settings/Kevin.PC885314341208/Desktop/Import%20.txt/import.swf
I hope this isn't a serious problem.
Thanks for any help.
The error message you posted shows that you're trying to load a local file from a local swf. This error can be fixed for your scenario.
In FlashDevelop, set "Use Network Services" to false (Project Properties -> Compiler Options tab). This will prevent your swf from accessing the internet but will let you load local files. Setting it to true will allow internet access but not access to local files.
In Flash, the setting is under "Publish Settings", Flash tab. It's called "Local playback security" and the settings are "Access local files only" or "Access network only". It's the same setting as in FlashDevelop, just a different name.
You can also switch the "Use Network" flag of a swf file after publish/compile by using the Adobe's free+open Local Content Updater.
You're loading a local file, something that's not permitted. However, as you're developing this you can of course allow this.
Add your project folder to the trusted locations: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04.html
Edit: I might add that if you run it with networking disabled it will work (this is for development purposes). This happens for example when you run it from the Flash IDE, which would explain why it may have worked before?
You cannot load desktop files when you try to run a SWF through a web browser. Flash does not give you access to the local hard drive, as that would be a major security issue. You will have to place those files on a server somewhere and pass Flash a direct URL.
OK. I got it to work by publishing it using FlashDevelop's built in flashplayer (I don't know how to describe it better). I wasn't able to use the security settings that Antti suggested though.