I have an application which upload/download files to/from box.net. the application works fine when not deployed on server but when I deploy it on Google App Engine the following error is encountered.
Error #2044: Unhandled securityError:. text=Error #2048: Security
sandbox violation: http://somexyz.appspot.com/xyzsample.swf cannot
load data from http://box.net/api/1.0/download/abcdef/123456.
I have included the below lines of code in as3
Security.allowDomain("*");
and placed crossdomain.xml in app root folder (Google App Engine) and can access the file using somexyz.appspot.com/crossdomain.xml
crossdomain.xml contains the below lines
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="*"/>
<allow-http-request-headers-from domain="*" headers="*"/>
<allow-http-request-headers-from domain="*"/>
</cross-domain-policy>
I am also getting the same issue when I tried using tomcat.
If you are loading from box.net, you need to check the http://box.net/crossdomain.xml
and there you can read following:
<!--
Box has recently changed its crossdomain policy for API calls made from Flash.
To continue using Box API, please add the following line to the code of your Flash
application:
- AS2: System.security.loadPolicyFile("http://www.box.net/api/crossdomain.xml");
- AS3: Security.loadPolicyFile("http://www.box.net/api/crossdomain.xml");
-->
UPDATE
Please be sure that you are adding it corectly:
Security.loadPolicyFile("http://www.box.net/api/crossdomain.xml")
And when loading:
*.load('http://www.box.net/api/1.0/download/abcdef/123456');
so that the path to the server would be the same: http://www.box.net/
For flash the http://www.box.net/ and http://box.net/ are 2 different domain names.
Related
I am writing an AS3 application which requires downloading xml file from external server.I am trying to connect to the external server (while testing from my local machine) to load the file however The URLLoader is unable to load it and showing "Error opening URL ". However when I put the exact url in browser, the xml file is loaded properly. The server uses https.
Following are the code/settings I am using
Security.allowDomain("*");
Security.allowInsecureDomain("*");
xmlfile = new URLLoader(new URLRequest("<fullurl>"));
The eventlistener are set properly for the loader, and have been tested locally.
I am using FlashIDE and the publish setting is set to "Access Network Only".
The server which is being connected to serves the crossdomain.xml in the root directory and contains the followings.
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*" secure="true"/>
</cross-domain-policy>
I am unable to understand what is missing in my code/settings to make it work, after searching for very long time.
I have tried to connect to other server using URLRequest and it seems to be working. For example following line doesn't show the earlier mentioned error
xmlfile = new URLLoader(new URLRequest("https://www.google.com"));
This was working fine the last time I tried it a few days ago, but I am getting a strange error now. I have Xamp running with this file in htdocs call YAM.xml:
<?xml version="1.0" encoding="utf-8"?>
<VAST version="2.0">
<Ad id="TEST">
<InLine>
<AdSystem version="3.1">Test</AdSystem>
<AdTitle>JVAM Test</AdTitle>
<Impression></Impression>
<Creatives>
<Creative sequence="1">
<Linear>
<Duration>00:00:15</Duration>
<MediaFiles>
<MediaFile delivery="progressive" width="640" height="480" scalable="1" type="video/mp4">
<![CDATA[http://127.0.0.1/YAM.swf?someVar=123344&vastUrl=http://127.0.0.1/Yashi200_15sec.mp4&vastUrl=http%3A%2F%2Fad4.liverail.com%2F%3FLR_PUBLISHER_ID%3D1331%26LR_SCHEMA%3Dvast2-vpaid&domainName=developers.google.com&fallbackVastUrl=http%3A%2F%2Fad4.liverail.com%2F%3FLR_PUBLISHER_ID%3D1331%26LR_SCHEMA%3Dvast2]]>
</MediaFile>
</MediaFiles>
<VideoClicks>
<VideoClick>
<ClickThrough>
<![CDATA[http://www.cats.com]]>
</ClickThrough>
</VideoClick>
</VideoClicks>
</Linear>
</Creative>
</Creatives>
</InLine>
</Ad>
</VAST>
Also, my crossdomain.xml looks like this:
<?xml version="1.0" ?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
I'm entering the path to this VAST xml (http://127.0.0.1/YAM.xml) into a VAST validator in the browser like the one here: http://zutils.zedo.com/vastvalidator/
For some reason when I try test the ad it gives this error:
* Security Sandbox Violation * Connection to tmp/ Warning: file_get_contents(http://127.0.0.1/YAM.xml): failed
to open stream: HTTP request failed! HTTP/1.0 500 Internal Server
Error in
/home/adwww/apache/htdocs/adwww/vastvalidator/createxmlfile.php
on line 3 zedoxml144583131.xml halted - not permitted
from
http://zutils.zedo.com/vastvalidator/ova.jwplayer.5x/dist/swf/5.9.swf
Error #2044: Unhandled error:. text=Task Queue failed at step 0: Error
2048: Security sandbox violation: http://zutils.zedo.com/vastvalidator/ova.jwplayer.5x/dist/swf/5.9.swf
cannot load data from tmp/ Warning:
file_get_contents(http://127.0.0.1/YAM.xml): failed to open stream:
HTTP request failed! HTTP/1.0 500 Internal Server Error in
/home/adwww/apache/htdocs/adwww/vastvalidator/createxmlfile.php
on line 3 zedoxml144583131.xml.
The local server is running, and if I put http://127.0.0.1/YAM.xml into my address bar I see the xml file.
I have been banging my head against the wall for a few days so if someone sees the problem please help. thanks.
127.0.0.1 is localhost, the server cannot reach you (your file) through that IP.
I got this error message when trying to load a game from the browser:
*** Security Sandbox Violation ***
SecurityDomain 'https://playerio.s3.amazonaws.com/competitions/ega2012/swf/Nhm-JFy6dEyuemmaE59BSQ.swf?AWSAccessKeyId=1Q3ETXSFA8S2F2TSA9R2&Expires=1361787227&Signature=TBCVKQDGlxthLj2YhoumxTxUGOo%3D' tried to access incompatible context 'http://cdn.playerio.com/rts-tvkyczvzk5uwqv8z12rw/Game2build29.swf'
SecurityError: Error #2121: Security sandbox violation: LoaderInfo.content: https://playerio.s3.amazonaws.com/competitions/ega2012/swf/Nhm-JFy6dEyuemmaE59BSQ.swf?AWSAccessKeyId=1Q3ETXSFA8S2F2TSA9R2&Expires=1361787227&Signature=TBCVKQDGlxthLj2YhoumxTxUGOo%3D cannot access http://cdn.playerio.com/rts-tvkyczvzk5uwqv8z12rw/Game2build29.swf. This may be worked around by calling Security.allowDomain.
at flash.display::LoaderInfo/get content()
at Loader3_fla::MainTimeline/onCompleteHandler()[Loader3_fla.MainTimeline::frame1:86]
It says you can workaround this error by using Security.allowDomain(), but I am not sure which domain to allow!
You should put crossdomain.xml in your project folder, in which you can allow all domains or some specific domains from which your application is fetching data.
<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
above is for all domains, if you want to allow some specific domains :
<allow-access-from domain="www.mysite.com" />
<allow-access-from domain="mysite.com" />
I have a flex 3 app that is attempting to load images from Amazon S3. The images fail to load, so I fired up debug mode. In debug mode, the images load, but I also get the following output in the debugger:
*** Security Sandbox Violation ***
SecurityDomain 'http://something.s3.amazonaws.com/logos/mylogo.png' tried to access incompatible context 'http://localhost/myapp/bin-debug/index.html?debug=true'
I have added a crossdomain.xml file into the root of my bucket as follows, but this does not seem to help:
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only" />
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" />
</cross-domain-policy>
Am I missing something obvious here?
Maybe problem in site authorization. When I visited your url I got "Access Denied". It works for one env but not for other.
Your don't need crossdomain.xml for just displaying images in your way with image.source, so problem not in Flash Player security.
You trace says that image is loaded but it can't access parent sandbox. It doesn't help to debug problem. Try to use ServiceCapture or Firebug or Charles to define of what actually being loaded to Flash Player.
I need to access an ASP.Net2 page from Action Script 3.0 and I wrote the code in .fla file that access the asp.net page but there is a problem in the accessing it reports to me the following error :
Error opening URL 'http://localhost/Trial/Default.aspx'
Error #2044: Unhandled ioError:. text=Error #2032: Stream Error. URL: http://localhost/Trial/Default.aspx
at Script1/sendSQLXML()
at Script1$iinit()
and after searching I found that it is a problem related to Cross Domain policy so I created an XML file called Crossdomain.xml with the following code:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="false"/>
</cross-domain-policy>
and i don't know how to use it from ACS3 and where to put it
Note: i run the Asp.Net2 page in the IIS
Look into the loadPolicyFile(..) method: http://livedocs.adobe.com/flex/3/langref/flash/system/Security.html#loadPolicyFile()
IF you're working localy (http://localhost/Tri...), i'm not sure that the problem come from some CrossDomain issues...
Typically the crossdomain file gets placed at the root of the server, if you are running locally you shouldn't be having crossdomain issues, but you might want to try placing it in c:\inetput\wwwroot\ and see if that addresses your issue.
crossdomain.xml gets put at the root of the server you are trying to access. that's the default location such that you won't need to call Security.loadPolicyFile()