Error Handling issues - actionscript-3

Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation:
I don't get this error on my local host but I do when I upload it to my server. How
do I properly fix this in Flash CS4?

Check where you are pointing to for any external assets or data. More than likely you need a crossdomain.xml file that will say that it is okay for your server to access the data. To be clear, you need the crossdomain file where the assets are that you are pulling.
More information here: http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html
An example of a wide open crossdomain.xml file:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
You can specify a domain where the * is and list multiple allow-access-from nodes. You can also specify all subdomains on a domain by saying *.mydomain.com
To be clear, you do not want to go to production with the wide open example I have given, but it is something you can use to test out and make sure this is your problem. Once you verify this then you can restrict it to the appropriate levels.
Basically though you just create a file called crossdomain.xml and put this xml in it.
Make sure it is placed at the root of the server that the data or assets are being pulled from.

Related

403 Forbidden only when accessing via IP

I'm having a really strange issue. I'm embedding a video player via an object tag. If I go to the page via the server url (ex. 127.0.0.1/stream.html rather than localhost/stream.html), the page does load, but stays at a white screen. Using the web developer tool in FireFox, the console shows a 403: Forbidden Error when grabbing the SWF player. When I use the hostname, there is no issue.
Do you have a cross-domain.xml set in your development environment? Meaning is the SWF player hard-coded to embed from localhost/path/to/player.swf, so it would load from the same hostname of localhost but chokes with 127.0.0.1. Read more on this site.
You could attempt to fix this by setting this file at the root of your localhost document root in a file name cross-domain.xml:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

My swf file in my web server can not load json file from another server

I have a swf file in the root of my server named MyREOPS.swf . And there is "index.html" in the root which embeds this swf. MyREOPS.swf in the server loads the link a json file from an xml, which is also in the same server. Then my swf file, loads the json file, using this link it retrieved from the xml. So, here is my questions and problems :
Problems :
When I run swf in my local pc, it loads this json file from external domain url without problem, provided that the folder which contains the swf has permission ( I gave permission through http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04.html ). However, when I run the MyREOPS.swf in the webserver through browser, i get this error :
Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://www.3facts-engineering.com/MyREOPS.swf cannot load data from http://api.video.mail.ru/videos/mail/kulukamuluka/1/19.json.
Weird thing is the swf file was able to read the xml in the web server. I can understand this ,because it was actually able to see this link : "http://api.video.mail.ru/videos/mail/kulukamuluka/1/19.json". This was ONLY in that xml.
Aren't swf files, downloaded through browser to user's pc, then executed ? How is it possible for that swf to read the xml in the server. I mean that is what I would like it to do. But it feels like it is impossible for that swf to reach that xml while it run in my pc, because the url of xml in swf is given as relative such as "config.xml" .
I hope I was able to express myself throughly. Thank you in advance.
This is a security feature implemented by the Flash runtime.
Cross-domain policy for Flash movies
For security reasons, a Macromedia Flash movie playing in a web
browser is not allowed to access data that resides outside the exact
web domain from which the SWF originated.
When you run locally, your SWF is executing in Flash Projector; therefore, operates differently than when embedded from your site.
On the site you wish to connect, create a crossdomain.xml file, as in:
http://example.com/crossdomain.xml
Within that crossdomain.xml, add parameters, such as:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" />
<allow-access-from domain="*" to-ports="80,443"/>
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

Error message appear in a old running flash application during AMFPHP call

My app was working fine until today. The probleme is that each request to amfphp return an error message like :
Client.Error.Message Send
Fail to send
In fact, this message is the fault function I put in the caller.
<s:CallResponder id="tracefilm"/>
<trace:Trace id="traceFilm" fault="Alert.show(event.fault.faultString + '\n' + event.fault.faultDetail)" result="traceMaked(event)" showBusyCursor="true"/>
Because I don't know how to find where the problem is... I'll try to view what happens thanks to firebug plugin of FF during execution time.
The solution is simple. I've just fixed this issue in a old streaming app (100% flash).
If you encountered the problem in a old app, you propably don't have the crossdomain.xml file in the root directory of the web server. See Adobe explanation for more details.
I found the solution thanks to firebug. In fact, during Flash loading, the browser tried to access to a file called crossdomain.xml. Of course, the server response was 404 for my part...
You just have to create crossdomain.xml in the server, and to add this piece of code inside :
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
Now your application, like mine will works again.

Security Sandbox Violation with Youtube API

I'm getting a very annoying run time error message, which crashes my flash application when it runs in the browser. The error pertains to a 'Security Sandbox Violation' when I attempt to access Youtube's Gdata api. The exact error message reads:
Error: Request for resource at https://gdata.youtube.com/feeds/api/videos?
key=As##2PVR2#lPj#0bVaw_Tvjx1MI6qeAI1gORxErVYDzu2zZy4D18bf8T6pHxsPgIOhs3_44Te
YTVlYLx49goUPbv00udousA&q=The-Muppets-official-trailer&alt=json&max-results=1
by requestor from http://###.com/cws/f/VV.swf is denied due
to lack of policy file permissions.
*** Security Sandbox Violation ***
When I run the SWF locally, everything works fine.
Any ideas?
Thanks.
Edit: I've just added these lines, but still no luck.
Security.loadPolicyFile("http://www.mydomain.com/crossdomain.xml");
Security.loadPolicyFile("https://gdata.youtube.com/crossdomain.xml");
Security.allowDomain("https://gdata.youtube.com");
Security.allowDomain("gdata.youtube.com");
You need to specify a crossdomain.xml policy-file according to Adobe Flash security rules.
1) Place the crossdomain.xml at the root directory of your website
2) Example content (not recommended)
<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
3) Load the policy-file into your project (AS3):
System.security.loadPolicyFile("http://www.DOMAIN.net/crossdomain.xml");
Read the reference document for further information.

Security Sandbox Violation, can't connect to Server via Socket

Before I start I should state I have read it all, I was following this, this and this (and more...) and still I cannot connect to our running server via Socket over the internet.
Here is what I try to in AS3:
var host :String = "192.168.2.11";
Security.allowDomain(host);
Security.allowInsecureDomain(host);
Security.loadPolicyFile("xmlsocket://" + host + ":" + "843");
// TTS server socket
_socket = new Socket();
_socket.addEventListener(Event.CLOSE, handleClose);
_socket.addEventListener(IOErrorEvent.IO_ERROR, handleError);
_socket.addEventListener(SecurityErrorEvent.SECURITY_ERROR, handleSecError);
_socket.addEventListener(ProgressEvent.SOCKET_DATA, handleIncomingData);
_socket.addEventListener(Event.CONNECT, handleConnect);
_socket.connect(host, 1337);
As you can see, the host is a local address, but that shouldn't matter as long as I am in this local network. And I am, since this does work from my IDE (FD4).
Also, the swf is on the same server as the application it tries to connect to, but on another port.
The policy file the server sends (we have tried both from port 843 and 1337) is the following:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*" />
</cross-domain-policy>
We can see from the log output of the server that this is really sent to the connecting socket. A null byte is of course sent after the xml data. And after that, the server closes the connection. However, it seems that Flash somehow does not like it, as "Error #2048" still appears after ~3 seconds.
We're really out of ideas here...
We managed to get it to work by including another tag:
<site-control permitted-cross-domain-policies="master-only"/>
It seems that this tag is necessary in order to get it to work. We could not get it to work without that tag, no matter which port we tried.
So the complete xml now looks like this in our case (it is of course easy to modify to fit any case):
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" to-ports="*"/>
</cross-domain-policy>
It really is a shame that this line is not included in Adobe's own example (!!). I mean, it IS included in the example files, but not in the article. I don't want to know how many people were stuck at this stage because of that...