My swf application at domain http://domain1.com/myroot/ must use resources from domain http://domain2.com/myroot2/
When the swf trys to access resources from secondary domain, it get SecurityError:
Error #2048: Security sandbox violation.
It appears because my application tries to load crossdomain.xml (from http:/domain2.com/crossdomain.xml) by default.
My problem is that I do not have access to domain2.com root directory to put the file crossdomain.xml there. I can put it only in http:/domain2.com/myroot2/ directory.
My question is: How to force my swf application to search crossdomain.xml in http:/domain2.com/myroot2/?
P.S. Security.loadPolicyFile("http://domain2.com/myroot2/crossdomain.xml") does not work because by default used metapolicy "master-only" that makes ignore all Security.loadPolicyFile usages.
Flash's new sandbox security requires you to always have a crossdomain policy file on the root of the server. If you are going to put a crossdomain file in the subdirectory, the root's master crossdomain file must allow that on the server.
loadPolicyFile should do it
Security.allowDomain( 'http://domain2.com' );
Security.loadPolicyFile( 'http://domain2.com/myroot2/pf.xml' );
Related
I have http://192.168.230.237:20080 Server
file located on "/etc/Jay/log/jay.txt"
I tried with "http://192.168.230.237:20080/etc/Jay/log/jay.txt" this link gives me "404 NOT Found"
Here I can I link my file to link
Your HTTP server will have a configuration option somewhere (Apache HTTPD calls it DocumentRoot) which determines where http://example.com/ maps onto the filesystem of the computer.
Commonly this will be /var/www/.
Unless you change it to / (which would expose your entire filesystem over HTTP and is very much not recommended), you can't access arbitrary files on the computer.
/etc/ is used to store configuration information for software installed on the computer. It should almost never be exposed outside the computer.
The best solution to your problem is probably:
Look at the configuration of your HTTP server and identify the document root (e.g. /var/www/)
Move your website files to that directory
If you really want to expose files under /etc via HTTP then you could also change the document root.
Your webserver might also support features like Apache HTTPD's Alias directive which allows you to map a URL onto a file that can be outside the DocumentRoot.
I have some, say, weird situation... Here is what it is:
Flash application which records audio on one server and uploads it on another server.
So, as you likely guessed, I faced that security sandbox violation exceptions/errors and it seems I have to add crossdomain.xml to the root of the server. Ok, did it, but it seems it didn't get downloaded or download process is interupted, so I keep getting this errors.
Could somebody point me to my mistakes, please? I really don't getting what I am doing wrong.
Here is the error I get while trying to upload audio:
Error #2044: Unhandled securityError:. text=Error #2170: Security sandbox
violation: https://ip1/bar/foo cannot send HTTP headers to https://ip2/foo/bar
Here is the content of my crossdomain.xml (test version):
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
p.s. And, yes, crossdomain.xml is accessable via https://ip2/crossdomain.xml address.
ADDITIONAL INFO
I enabled flash logs and was surprised to know that flash is unable to get crossdomain.xml, though it is accessable via browser (with a clause that it is https and it states that there is a certificate issue, or smth like that).
Warning: Failed to load policy file from https://192.168.22.103/crossdomain.xml
ADDITIONAL INFO PART 2
Here is the warning I have in browser in case I try to access crossdomain.xml manually:
Here is the request to download crossdomain.xml ends up with http status code = 0:
Finally, I found out what the problem was. As I developed this application for Internet Explorer there was some tricky things to make it work. As you can see in this picture: there is "The security certificate presented by this website was issued for a different website's address" warning. The thing is that Internet Explorer ALWAYS warns users about this by default and this is the problem which prevents flash player from downloading flash policy file (crossdomain.xml). To override this behaviour you just need to:
Go to the Internet Explorer settings: Click cogwheel icon -> Internet options
Go to advanced tab
Scroll down to the end of the settings list and uncheck "Warn about certificate address mismatch".
IMPORTANT: Kill all instances of IE (if any, check in the Task Manager).
After these steps flash shouldn't have problems with fetching crossdomain.xml.
Really hope that this will help other flex developers avoid such type of issues. Cheers!
Have you tried Security.allowDomain()?
I had similar problem. It was a little bit different because I had sockets involved, but I found that there are some changes in how the flash player uses policy files. You may find this helpful http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html
At least it helped me and I wrote this article, which is like conclusion of my case.
Take a look at this paragraph:
Adobe has filed with IANA, the Internet Assigned Numbers Authority, to
reserve port 843 for the purposes of serving socket policy files. By
introducing a centralized location for socket policy files, Flash
Player enables a system administrator to define what ports are
available through one master policy that overrides any other policy
file on the host. If Flash Player 9,0,124,0 cannot retrieve a master
policy file from port 843, then it requests a socket policy file on
the port where it is trying to connect. However, if a policy file is
available from a service on TCP port 843, then Flash Player considers
that to be the authoritative set of permissions for that system.
In my project I just serve the crossdomain.xml file in a specific port.
I had a similiar problem; the .swf on localhost was connecting with REST API over https on a remote server, which had a crossdomain file, but it was throwing 2170. For me the solution was to serve the localhost .html file containing the .swf also on https - that made the problem go away.
I'm having the following problem when I'm loading a swf inside a swfloader. That thing is that this subapp has a config file, and when this config file is being accessed by the subapp it throws an Security error (#2148).
I thought it was the crossdomain.xml file, but it has no reestrictions:
I suppose that the subapp is trying to access a config file that is in the swf parent server insted of trying to access its own file in the server where it is installed;
Somebody knows how to make this swfloader access its own data, or some way to solve this issue?
Thanks
Ok solved. !!
Lookslike I needed to test on the server, not on my local folder.
For this, I changed the flash builder "output folder" in "flex build path" project properties to throw the compilation resources to my server folder.
aditionaly to help in the debugging I created a new run configuration where the path to launch where the swf in my server folder.
Thanks for the people that helped me a little. Thanks :)
As the title implies i have problems making a very simple (actually an empty project) to run!
I always get the follwing error:
SecurityError: Error #2148: SWF file file:///C:/Users/Σάββας/Adobe Flash Builder 4/Test/bin-debug/Test.swf cannot access local resource file:///C:/Users/Σάββας/Adobe Flash Builder 4/Test/bin-debug/osmf_flex.4.0.0.13495.swf. Only local-with-filesystem and trusted local SWF files may access local resources.
at flash.net::URLStream/load()
at flash.net::URLLoader/load()
at mx.core::CrossDomainRSLItem/load()[E:\dev\4.0.0\frameworks\projects\framework\src\mx\core\CrossDomainRSLItem.as:240]
at mx.core::RSLListLoader/loadNext()[E:\dev\4.0.0\frameworks\projects\framework\src\mx\core\RSLListLoader.as:184]
at mx.core::RSLListLoader/load()[E:\dev\4.0.0\frameworks\projects\framework\src\mx\core\RSLListLoader.as:156]
at mx.preloaders::Preloader/initialize()[E:\dev\4.0.0\frameworks\projects\framework\src\mx\preloaders\Preloader.as:279]
at mx.managers::SystemManager/http://www.adobe.com/2006/flex/mx/internal::initialize()[E:\dev\4.0.0\frameworks\projects\framework\src\mx\managers\SystemManager.as:1925]
at mx.managers::SystemManager/initHandler()[E:\dev\4.0.0\frameworks\projects\framework\src\mx\managers\SystemManager.as:2419]
Is there something i have done wrong? Ι also tried to debug (the empty application) with no success!!
I tried to set the Global Security Settings for the folders involved in developing to always allow but the result is the same!!
My problem is that i will not be able to debug the application which is of verrrryyyy annoying.
I 'm using Flashbuilder 4, FlexSDK4, Mozilla.
Any hint is appreciated!
This error occurs when you try to open an application that uses RSLs in the standalone player or in the browser by using the file system and not a server. It means that you are violating the security sandbox of Flash Player by trying to load file resources.
You must deploy your application and RSLs to a network location, and request the application with a network request so that Flash Player will load the RSL.
If you are testing the application locally, you can add the directory to your Player trust file to avoid this error.
What is a security sandbox violation, and how do I override it? I'm making a project in FlashDevelop, and today, it will not load external files, even though it had been previously. It gives the following output:
************* Security Sandbox Violation ********* Connection to
file:///C|/Documents%20and%20Settings/Kevin.PC885314341208/Desktop/Import%20.txt/StockData/1.txt
halted - not permitted from
file:///C|/Documents%20and%20Settings/Kevin.PC885314341208/Desktop/Import%20.txt/import.swf
I hope this isn't a serious problem.
Thanks for any help.
The error message you posted shows that you're trying to load a local file from a local swf. This error can be fixed for your scenario.
In FlashDevelop, set "Use Network Services" to false (Project Properties -> Compiler Options tab). This will prevent your swf from accessing the internet but will let you load local files. Setting it to true will allow internet access but not access to local files.
In Flash, the setting is under "Publish Settings", Flash tab. It's called "Local playback security" and the settings are "Access local files only" or "Access network only". It's the same setting as in FlashDevelop, just a different name.
You can also switch the "Use Network" flag of a swf file after publish/compile by using the Adobe's free+open Local Content Updater.
You're loading a local file, something that's not permitted. However, as you're developing this you can of course allow this.
Add your project folder to the trusted locations: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04.html
Edit: I might add that if you run it with networking disabled it will work (this is for development purposes). This happens for example when you run it from the Flash IDE, which would explain why it may have worked before?
You cannot load desktop files when you try to run a SWF through a web browser. Flash does not give you access to the local hard drive, as that would be a major security issue. You will have to place those files on a server somewhere and pass Flash a direct URL.
OK. I got it to work by publishing it using FlashDevelop's built in flashplayer (I don't know how to describe it better). I wasn't able to use the security settings that Antti suggested though.