AS3 Security SandBox Violation - actionscript-3

I got this error message when trying to load a game from the browser:
*** Security Sandbox Violation ***
SecurityDomain 'https://playerio.s3.amazonaws.com/competitions/ega2012/swf/Nhm-JFy6dEyuemmaE59BSQ.swf?AWSAccessKeyId=1Q3ETXSFA8S2F2TSA9R2&Expires=1361787227&Signature=TBCVKQDGlxthLj2YhoumxTxUGOo%3D' tried to access incompatible context 'http://cdn.playerio.com/rts-tvkyczvzk5uwqv8z12rw/Game2build29.swf'
SecurityError: Error #2121: Security sandbox violation: LoaderInfo.content: https://playerio.s3.amazonaws.com/competitions/ega2012/swf/Nhm-JFy6dEyuemmaE59BSQ.swf?AWSAccessKeyId=1Q3ETXSFA8S2F2TSA9R2&Expires=1361787227&Signature=TBCVKQDGlxthLj2YhoumxTxUGOo%3D cannot access http://cdn.playerio.com/rts-tvkyczvzk5uwqv8z12rw/Game2build29.swf. This may be worked around by calling Security.allowDomain.
at flash.display::LoaderInfo/get content()
at Loader3_fla::MainTimeline/onCompleteHandler()[Loader3_fla.MainTimeline::frame1:86]
It says you can workaround this error by using Security.allowDomain(), but I am not sure which domain to allow!

You should put crossdomain.xml in your project folder, in which you can allow all domains or some specific domains from which your application is fetching data.
<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
above is for all domains, if you want to allow some specific domains :
<allow-access-from domain="www.mysite.com" />
<allow-access-from domain="mysite.com" />

Related

Security Error Loading Local Xml File

This was working fine the last time I tried it a few days ago, but I am getting a strange error now. I have Xamp running with this file in htdocs call YAM.xml:
<?xml version="1.0" encoding="utf-8"?>
<VAST version="2.0">
<Ad id="TEST">
<InLine>
<AdSystem version="3.1">Test</AdSystem>
<AdTitle>JVAM Test</AdTitle>
<Impression></Impression>
<Creatives>
<Creative sequence="1">
<Linear>
<Duration>00:00:15</Duration>
<MediaFiles>
<MediaFile delivery="progressive" width="640" height="480" scalable="1" type="video/mp4">
<![CDATA[http://127.0.0.1/YAM.swf?someVar=123344&vastUrl=http://127.0.0.1/Yashi200_15sec.mp4&vastUrl=http%3A%2F%2Fad4.liverail.com%2F%3FLR_PUBLISHER_ID%3D1331%26LR_SCHEMA%3Dvast2-vpaid&domainName=developers.google.com&fallbackVastUrl=http%3A%2F%2Fad4.liverail.com%2F%3FLR_PUBLISHER_ID%3D1331%26LR_SCHEMA%3Dvast2]]>
</MediaFile>
</MediaFiles>
<VideoClicks>
<VideoClick>
<ClickThrough>
<![CDATA[http://www.cats.com]]>
</ClickThrough>
</VideoClick>
</VideoClicks>
</Linear>
</Creative>
</Creatives>
</InLine>
</Ad>
</VAST>
Also, my crossdomain.xml looks like this:
<?xml version="1.0" ?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
I'm entering the path to this VAST xml (http://127.0.0.1/YAM.xml) into a VAST validator in the browser like the one here: http://zutils.zedo.com/vastvalidator/
For some reason when I try test the ad it gives this error:
* Security Sandbox Violation * Connection to tmp/ Warning: file_get_contents(http://127.0.0.1/YAM.xml): failed
to open stream: HTTP request failed! HTTP/1.0 500 Internal Server
Error in
/home/adwww/apache/htdocs/adwww/vastvalidator/createxmlfile.php
on line 3 zedoxml144583131.xml halted - not permitted
from
http://zutils.zedo.com/vastvalidator/ova.jwplayer.5x/dist/swf/5.9.swf
Error #2044: Unhandled error:. text=Task Queue failed at step 0: Error
2048: Security sandbox violation: http://zutils.zedo.com/vastvalidator/ova.jwplayer.5x/dist/swf/5.9.swf
cannot load data from tmp/ Warning:
file_get_contents(http://127.0.0.1/YAM.xml): failed to open stream:
HTTP request failed! HTTP/1.0 500 Internal Server Error in
/home/adwww/apache/htdocs/adwww/vastvalidator/createxmlfile.php
on line 3 zedoxml144583131.xml.
The local server is running, and if I put http://127.0.0.1/YAM.xml into my address bar I see the xml file.
I have been banging my head against the wall for a few days so if someone sees the problem please help. thanks.
127.0.0.1 is localhost, the server cannot reach you (your file) through that IP.

Error: SWF from http://xx.xxx.xxx.xx/vw.swf?nocache=1.1 may not connect to a socket in its own domain without a policy file

Im getting this error every now and then. I mean its not coming always some times it gives error and some times it doesnt.
I have checked all other similar posts but no solution worked!!
my crossdomain xml is at the root of the domain and is
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from to-ports="*" domain="*" secure="false"/>
</cross-domain-policy>
And in actionScipt ive got
Security.allowDomain("*");
Security.loadPolicyFile("./crossdomain.xml");
And still getting the below error,
Warning: Timeout on xmlsocket://xx.xxx.xxx.xx:843 (at 3 seconds) while waiting for socket policy file. This should not cause any problems, but see http://www.adobe.com/go/strict_policy_files for an explanation.
## SecurityError: [SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2048: Security sandbox violation: http://xx.xxx.xxx.xx/vw.swf?nocache=1.1 cannot load data from xx.xxx.xxx.xx:9933."]
Warning: Timeout on xmlsocket://xx.xxx.xxx.xx:9933 (at 3 seconds) while waiting for socket policy file. This should not cause any problems, but see http://www.adobe.com/go/strict_policy_files for an explanation.
Error: SWF from http://xx.xxx.xxx.xx/vw.swf?nocache=1.1 may not connect to a socket in its own domain without a policy file. See http://www.adobe.com/go/strict_policy_files to fix this problem.
*** Security Sandbox Violation ***
Connection to xx.xxx.xxx.xx:9933 halted - not permitted from http://xx.xxx.xxx.xx/vw.swf?nocache=1.1
Please help.
It will not work. Your socket server should return crossdomain policy file, so your socket connection can be established. For example simple PHP realisation - 90 line of code.

Security sandbox violation cannot load data from box.net

I have an application which upload/download files to/from box.net. the application works fine when not deployed on server but when I deploy it on Google App Engine the following error is encountered.
Error #2044: Unhandled securityError:. text=Error #2048: Security
sandbox violation: http://somexyz.appspot.com/xyzsample.swf cannot
load data from http://box.net/api/1.0/download/abcdef/123456.
I have included the below lines of code in as3
Security.allowDomain("*");
and placed crossdomain.xml in app root folder (Google App Engine) and can access the file using somexyz.appspot.com/crossdomain.xml
crossdomain.xml contains the below lines
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="*"/>
<allow-http-request-headers-from domain="*" headers="*"/>
<allow-http-request-headers-from domain="*"/>
</cross-domain-policy>
I am also getting the same issue when I tried using tomcat.
If you are loading from box.net, you need to check the http://box.net/crossdomain.xml
and there you can read following:
<!--
Box has recently changed its crossdomain policy for API calls made from Flash.
To continue using Box API, please add the following line to the code of your Flash
application:
- AS2: System.security.loadPolicyFile("http://www.box.net/api/crossdomain.xml");
- AS3: Security.loadPolicyFile("http://www.box.net/api/crossdomain.xml");
-->
UPDATE
Please be sure that you are adding it corectly:
Security.loadPolicyFile("http://www.box.net/api/crossdomain.xml")
And when loading:
*.load('http://www.box.net/api/1.0/download/abcdef/123456');
so that the path to the server would be the same: http://www.box.net/
For flash the http://www.box.net/ and http://box.net/ are 2 different domain names.

Adobe Flex unable to load images from Amazon S3

I have a flex 3 app that is attempting to load images from Amazon S3. The images fail to load, so I fired up debug mode. In debug mode, the images load, but I also get the following output in the debugger:
*** Security Sandbox Violation ***
SecurityDomain 'http://something.s3.amazonaws.com/logos/mylogo.png' tried to access incompatible context 'http://localhost/myapp/bin-debug/index.html?debug=true'
I have added a crossdomain.xml file into the root of my bucket as follows, but this does not seem to help:
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only" />
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" />
</cross-domain-policy>
Am I missing something obvious here?
Maybe problem in site authorization. When I visited your url I got "Access Denied". It works for one env but not for other.
Your don't need crossdomain.xml for just displaying images in your way with image.source, so problem not in Flash Player security.
You trace says that image is loaded but it can't access parent sandbox. It doesn't help to debug problem. Try to use ServiceCapture or Firebug or Charles to define of what actually being loaded to Flash Player.

Cross Domain policy file forActionscript 3.0

I need to access an ASP.Net2 page from Action Script 3.0 and I wrote the code in .fla file that access the asp.net page but there is a problem in the accessing it reports to me the following error :
Error opening URL 'http://localhost/Trial/Default.aspx'
Error #2044: Unhandled ioError:. text=Error #2032: Stream Error. URL: http://localhost/Trial/Default.aspx
at Script1/sendSQLXML()
at Script1$iinit()
and after searching I found that it is a problem related to Cross Domain policy so I created an XML file called Crossdomain.xml with the following code:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="false"/>
</cross-domain-policy>
and i don't know how to use it from ACS3 and where to put it
Note: i run the Asp.Net2 page in the IIS
Look into the loadPolicyFile(..) method: http://livedocs.adobe.com/flex/3/langref/flash/system/Security.html#loadPolicyFile()
IF you're working localy (http://localhost/Tri...), i'm not sure that the problem come from some CrossDomain issues...
Typically the crossdomain file gets placed at the root of the server, if you are running locally you shouldn't be having crossdomain issues, but you might want to try placing it in c:\inetput\wwwroot\ and see if that addresses your issue.
crossdomain.xml gets put at the root of the server you are trying to access. that's the default location such that you won't need to call Security.loadPolicyFile()