What is a security sandbox violation, and how do I override it? I'm making a project in FlashDevelop, and today, it will not load external files, even though it had been previously. It gives the following output:
************* Security Sandbox Violation ********* Connection to
file:///C|/Documents%20and%20Settings/Kevin.PC885314341208/Desktop/Import%20.txt/StockData/1.txt
halted - not permitted from
file:///C|/Documents%20and%20Settings/Kevin.PC885314341208/Desktop/Import%20.txt/import.swf
I hope this isn't a serious problem.
Thanks for any help.
The error message you posted shows that you're trying to load a local file from a local swf. This error can be fixed for your scenario.
In FlashDevelop, set "Use Network Services" to false (Project Properties -> Compiler Options tab). This will prevent your swf from accessing the internet but will let you load local files. Setting it to true will allow internet access but not access to local files.
In Flash, the setting is under "Publish Settings", Flash tab. It's called "Local playback security" and the settings are "Access local files only" or "Access network only". It's the same setting as in FlashDevelop, just a different name.
You can also switch the "Use Network" flag of a swf file after publish/compile by using the Adobe's free+open Local Content Updater.
You're loading a local file, something that's not permitted. However, as you're developing this you can of course allow this.
Add your project folder to the trusted locations: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04.html
Edit: I might add that if you run it with networking disabled it will work (this is for development purposes). This happens for example when you run it from the Flash IDE, which would explain why it may have worked before?
You cannot load desktop files when you try to run a SWF through a web browser. Flash does not give you access to the local hard drive, as that would be a major security issue. You will have to place those files on a server somewhere and pass Flash a direct URL.
OK. I got it to work by publishing it using FlashDevelop's built in flashplayer (I don't know how to describe it better). I wasn't able to use the security settings that Antti suggested though.
Related
Introduction
Honestry,I'm not native English user,so my English is not better.
If you have any question, ask me by comment.
what I wanna do
As a premise,when you try to access local files by web site link,IE or FireFox can access( by simple setting) ,but Chrome can't access for their security poricy.
I found the ways to do this, like below:
add --allow-file-access-from-files option when you execute chrome.exe
build a local server like nginx or Apache HTTP Server,which meditate to access local data
Use chrome extentionEnable local file links
Due to business restrictions,I should resolve this problem by method 1. but I can't enable loacl data link though I set option correctly.
I googled why I can't,but I couldn't find why it won't work.
(In the first place,I can't even find Google official description of --allow-file-access-from-files.How predecessors find that method ... )
While searching、I found person who have the same question、Google Forum.
I'm convinced that this is not my simple miss,but more deep problem,so I decided to make this question.
what I tried
I rebooted computer,killed all process related to chrome,then change directory where contains chrome executable file,and execute chrome.exe --allow-file-access-from-files
I rebooted computer,killed all process related to chrome 、create shortcut on my Desktop ,which destination is "/path/to/chrome/chrome.exe"--allow-file-access-from-files
After execute chrome,I checked chrome boot option to accesschrome://version/.Both method, I could boot chrome by add --allow-file-access-from-files option,but can't achieve first purpose to access local file access.
what I wanna know
lacking or similar to --allow-file-access-from-filesoption、
(solution similar to method 2 or method 3,like "Give up option solution,and use nginx as local server" is unnecessary)
or other solution
Additionary,if you know below info,please teach me.
- Google official documentation which descriptionsallow-file-access-from-files
( Indended to Oracle official Javadoc of Java.)
Using Tool
Chrome Version : 78.0.3904.87
OS : WIndows 7 SP1
Solution: Turns out this win 8 machine was hiding known file extensions. Both of my test files ended up being testing.txt.txt and testing.pdf.pdf which of course would fail when I tried to find testing.txt.
For some reason any part of the VBA api that does file operations fails on my system running windows 8, but succeeds on windows 7 (both running Access 2013).
I was trying to use the FollowHyperlink method as a simple way to open a .pdf file. So I started simple:
FollowHyperlink "C:\TestingFolder" - Yields an explorer window opened to the path (great!)
FollowHyperlink "C:\TestingFolder\foo.pdf" - Yields Error 490 Cannot open the specified file
So then I tried the Filelen function and got another error that it could not access the file.
I ended up at the conclusion that any operation that actually accessed a file would fail, likely due to some security setting. The fact it works on Windows 7 and not 8 seems to indicate that something at the OS level may be at fault.
Resolutions I tried:
Ran Access explicitly as administrator
Moved files into user directories and out of root
Went into the Access Trust Center and disabled all security measures (temporarily)
Tried different file types (.pdf, .txt)
Your problem is not the Windows API, but the installation of the software. The FollowHyperlink, uses the system registry where the file type association is involved. If PDF files are associated with Adobe Reader and you have it installed and made PDF to be, by default open with Adobe then you will not have a problem. However if your system lacks the program that could open a file with a "creepy" extension then it will fail miserably.
Your solution is to find the appropriate program to open the file. Then use the code, it will open the appropriate file with its associated program.
Turns out this win 8 machine was hiding known file extensions. Both of my test files ended up being testing.txt.txt and testing.pdf.pdf which of course would fail when I tried to find testing.txt.
In my Chrome App,I want to load local resources such as audio from user's disk.
If I add the absolute path in my code, the Chrome says "not allowed to load local resource"...
So,how to achive it? Thx
Please this is app not extension.
Chrome Apps are not allowed to access the user's file system directly. file:// URLs are forbidden, as are all the other ways you might try for accessing a file like /home/user/music/demo.mp3. This is by design (so users can install a random Chrome App and trust that it isn't going to read or write their files).
However, Chrome Apps have several APIs available for accessing sandboxed file systems. Since your example is an MP3 file in /home/user/music, you probably should use chrome.mediaGalleries, which will prompt the user for access to common media directories (like /home/user/music) at install time. Then you will be able to access certain file types in certain directories, and prompt the user for music and images in other directories.
As sowbug suggested, you could also use chrome.fileSystem, where you can prompt the user to open a file or directory of their choosing. This will give you access to all files in those directories, but you should only use this if you want non-media file types.
I have some, say, weird situation... Here is what it is:
Flash application which records audio on one server and uploads it on another server.
So, as you likely guessed, I faced that security sandbox violation exceptions/errors and it seems I have to add crossdomain.xml to the root of the server. Ok, did it, but it seems it didn't get downloaded or download process is interupted, so I keep getting this errors.
Could somebody point me to my mistakes, please? I really don't getting what I am doing wrong.
Here is the error I get while trying to upload audio:
Error #2044: Unhandled securityError:. text=Error #2170: Security sandbox
violation: https://ip1/bar/foo cannot send HTTP headers to https://ip2/foo/bar
Here is the content of my crossdomain.xml (test version):
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
p.s. And, yes, crossdomain.xml is accessable via https://ip2/crossdomain.xml address.
ADDITIONAL INFO
I enabled flash logs and was surprised to know that flash is unable to get crossdomain.xml, though it is accessable via browser (with a clause that it is https and it states that there is a certificate issue, or smth like that).
Warning: Failed to load policy file from https://192.168.22.103/crossdomain.xml
ADDITIONAL INFO PART 2
Here is the warning I have in browser in case I try to access crossdomain.xml manually:
Here is the request to download crossdomain.xml ends up with http status code = 0:
Finally, I found out what the problem was. As I developed this application for Internet Explorer there was some tricky things to make it work. As you can see in this picture: there is "The security certificate presented by this website was issued for a different website's address" warning. The thing is that Internet Explorer ALWAYS warns users about this by default and this is the problem which prevents flash player from downloading flash policy file (crossdomain.xml). To override this behaviour you just need to:
Go to the Internet Explorer settings: Click cogwheel icon -> Internet options
Go to advanced tab
Scroll down to the end of the settings list and uncheck "Warn about certificate address mismatch".
IMPORTANT: Kill all instances of IE (if any, check in the Task Manager).
After these steps flash shouldn't have problems with fetching crossdomain.xml.
Really hope that this will help other flex developers avoid such type of issues. Cheers!
Have you tried Security.allowDomain()?
I had similar problem. It was a little bit different because I had sockets involved, but I found that there are some changes in how the flash player uses policy files. You may find this helpful http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html
At least it helped me and I wrote this article, which is like conclusion of my case.
Take a look at this paragraph:
Adobe has filed with IANA, the Internet Assigned Numbers Authority, to
reserve port 843 for the purposes of serving socket policy files. By
introducing a centralized location for socket policy files, Flash
Player enables a system administrator to define what ports are
available through one master policy that overrides any other policy
file on the host. If Flash Player 9,0,124,0 cannot retrieve a master
policy file from port 843, then it requests a socket policy file on
the port where it is trying to connect. However, if a policy file is
available from a service on TCP port 843, then Flash Player considers
that to be the authoritative set of permissions for that system.
In my project I just serve the crossdomain.xml file in a specific port.
I had a similiar problem; the .swf on localhost was connecting with REST API over https on a remote server, which had a crossdomain file, but it was throwing 2170. For me the solution was to serve the localhost .html file containing the .swf also on https - that made the problem go away.
As the title implies i have problems making a very simple (actually an empty project) to run!
I always get the follwing error:
SecurityError: Error #2148: SWF file file:///C:/Users/Σάββας/Adobe Flash Builder 4/Test/bin-debug/Test.swf cannot access local resource file:///C:/Users/Σάββας/Adobe Flash Builder 4/Test/bin-debug/osmf_flex.4.0.0.13495.swf. Only local-with-filesystem and trusted local SWF files may access local resources.
at flash.net::URLStream/load()
at flash.net::URLLoader/load()
at mx.core::CrossDomainRSLItem/load()[E:\dev\4.0.0\frameworks\projects\framework\src\mx\core\CrossDomainRSLItem.as:240]
at mx.core::RSLListLoader/loadNext()[E:\dev\4.0.0\frameworks\projects\framework\src\mx\core\RSLListLoader.as:184]
at mx.core::RSLListLoader/load()[E:\dev\4.0.0\frameworks\projects\framework\src\mx\core\RSLListLoader.as:156]
at mx.preloaders::Preloader/initialize()[E:\dev\4.0.0\frameworks\projects\framework\src\mx\preloaders\Preloader.as:279]
at mx.managers::SystemManager/http://www.adobe.com/2006/flex/mx/internal::initialize()[E:\dev\4.0.0\frameworks\projects\framework\src\mx\managers\SystemManager.as:1925]
at mx.managers::SystemManager/initHandler()[E:\dev\4.0.0\frameworks\projects\framework\src\mx\managers\SystemManager.as:2419]
Is there something i have done wrong? Ι also tried to debug (the empty application) with no success!!
I tried to set the Global Security Settings for the folders involved in developing to always allow but the result is the same!!
My problem is that i will not be able to debug the application which is of verrrryyyy annoying.
I 'm using Flashbuilder 4, FlexSDK4, Mozilla.
Any hint is appreciated!
This error occurs when you try to open an application that uses RSLs in the standalone player or in the browser by using the file system and not a server. It means that you are violating the security sandbox of Flash Player by trying to load file resources.
You must deploy your application and RSLs to a network location, and request the application with a network request so that Flash Player will load the RSL.
If you are testing the application locally, you can add the directory to your Player trust file to avoid this error.