ActionScript 2.0 :: What's The System.security.allowDomain()
Jun 11, 2004I don't understand Flash2004's Help about System.security.allowDomain().
View 1 RepliesI don't understand Flash2004's Help about System.security.allowDomain().
View 1 Replieshow does it work?
Code:
var domain = "http://www.mydomain.com";
System.security.allowDomain(domain)
I've got a Flash movie, loading data from an external URL. In fact, it's a RSS reader inside a banner.Everything works perfectly when the Flash movie and data URL are on the same domain. However, if the Flash movie is on another domain, Flash security kicks in.The manual says that I can allow a domain trough Security.AllowDomain()
system.Security.allowDomain("http://www.mydomain.abc/")
xmlData = new XML();
xmlData.ignoreWhite = true;
[code]....
I have the line:
Security.allowDomain("*.expressionstributes.com");
But when I got to my movie, I get: Security sandbox violation: LoaderInfo.content:[URL]cannot access [URL]. This may be worked around by calling Security.allowDomain Am I missing something? Does it not work with wildcards?I like AS3, but I really think they screwed up up the security model... and URLRequests...
Our partners are requiring that we display a news.swf in our flash app outside of its domain. This is causing a mess of sandbox violations. The loaded news.swf is more or less a black box although I dug around in a flash decompiler and what looks like the document class has:
Security.allowDomain("*");
Security.allowInsecureDomain("*");
This is also in the constructor of client.swf. I should also note that client.swf is embedded in client.html. So client.swf is loading news.swf and adding it to the display list. Once it is added to the stage it starts spitting out a handful of errors. Run on my local file system:
[Code]...
I have a small problem with the security function. I have made a small banner there post a titel from a RRS feed. The RSS feed coms form extern domain. When I run the banner local it's work out perfect, but online it dosent works I use this code to permit the externe communication: Security.allowDomain([URL]);
[Code]...
I'm doing a project based on youtube videos and BitmapData Draw method. It works fine inside flash authoring but when I upload it on a web server the draw method does not work due to security issues. I tried different methods like
ActionScript Code:
flash.system.Security.allowDomain("[URL]");
flash.system.Security.loadPolicyFile("[URL]");
Or this [URL] but it seems there's no way to make it work.
I need to figure out a way to check if a crossdomain policy file has been loaded before initializing a certain component. The component won't work correctly if the crossdomain policy hasn't been loaded. Is there a way to do this? I can't figure out a way to get this working. This is the script I'm using:
System.security.loadPolicyFile("http://www.remotewebsite.com/crossdomain.xml");
How to post variables to another domain. The other domain is a free cgi-bin service. So I cannot upload a shim movie there. That is, I need to post variables directly to a cgi script on the domain. Is it possible to do so?
View 5 RepliesSpecifically, the developer of a web service I'm trying to call has installed a cross-domain policy file on his server at:[URL] So, in my SWF, I'm calling this:
[Code]....
Of course, it's not there, so it fails to load. (If the developer could install the file at the root, I wouldn't have this problem, so I wouldn't be using System.security.loadPolicyFile in the first place). It's not just in the IDE - when I test the app in Firefox with Firebug, I can see that the SWF is attempting to load the policy file from [URL].
I've stripped down the SWF so that it does nothing else but attempt to load the policy file from the subdirectory, and it still fails. So, I don't think this has to do with any idiosyncrasies of my specific app. Bottom line - does the System.security.loadPolicyFile work? Is there something else I need to do in conjunction with that call to get it to work? Or, is there something I'm doing wrong?
I am loading an XML from another server and it's my understanding that I need a crossdomain.xml or use System.allowDomain().I opted for the latter to have more flexibilty, but it doesn't seem to be working.
Code:
import flash.display.*;
import flash.xml.*;
import flash.net.*;
[code]....
I am getting a strange problem while I am making my release build swf.The swf is supposed to make some internal server calls and then display the data and also play it.When I make a release build swf and excute it, while making server calls it throws exceptions likeSecurityErrorHandler: [SecurityErrorEvent type="securityError" bubbles=falsecancelable=false eventPhase=2 text="Error #2170: Security sandbox violation:file:///Path to the swf/WebPlayer.swf cannot send HTTP headers to **Method Name to bring data from the server***]And after this nothing can be done as everything depends on the data from the server..I have updated my cross-domain.xml on the server to support the master-only policy file but that also didnt ..My cross-domain.xml is
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
[code]......
I haven't fully grasped how the flash security model works, and now I've ran into a problem. I have a base SWF that loads a game loader swf, which in turn loads the actual game.What I'm trying to do is taking a current bitmap snapshot of the running game. This works fine before the loader swf has loaded the game. When the game is loaded, I get a security violation because the game has images pulled from facebook. Is this something that can be solved on my end, or restricted by security in the game swf?
View 2 RepliesI got a textfile who i am reading on a serverside script and passing it as a script to my client side as3 code. The problem is that i am using characters like ä,ö,ü,ß and this isn't well displayed. I tried System.useCodePage but the compiler complains about : 1120: Access of undefined property 'System'. It doesnt matter if I tried this on the first line of the 'Action' in the first scene or in the first line of the first .as file i am loading. (btw i am only working with .as file and not in the timeline). When i am importing flash.System.* the compiler complains he dont know useCodePage.
View 3 RepliesI'm having trouble with an AS3 AMF RemoteObject request that is hosted on App Engine. I have a crossdomain.xml file in the root of the domain, and also one at the remoting endpoint.Here are the contents of the root crossdomain.xml:
<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies ="all"/>[code].....
Loading the swf file and testing it on my machine works just fine... I think that may have something to do with me having the debugger version of Flash Player. When I push it up to App Engine to make it public, other clients access it and get a Client.Error.MessageSend Channel.Security.Error error Error #2048 url: http:[url].......I am using Flex 4 beta, and the App Engine Python runtime. I have tried full wildcard in the crossdomain, and even accessing the data endpoint at a relative URL so as to avoid this error.
My SWF resides on domain A, is loaded by a web site on domain B and is trying to ping URL (URLLoader.load) on domain C. But I am getting "#2048: Security sandbox violation" .. why? Of course I have read the manual, I saw the security white paper but I do not understand it. Don't you know any blog or such where it is explained for dummies? With lots of examples and maybe a table showing what is allowed and what is not?
View 2 RepliesIs it possible to make this a mask? The system contains one movieclip of a circle called ball, also a class called ball and a class called particle. I want the particle system movieclips to display an image...I'm sure this is possible...just have not been able to find a way. A little backround, I'm a completely selftaught n00b when it comes to AS3, but I'm grasping it fairly well... the tutorial is on this website, called A Simple Particle System Using Actionscript 3.
View 0 RepliesI get following error: Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: [URL] cannot load data from 192.168.3.5:4854. at TicTacToe_fla::MainTimeline/TicTacToe_fla::frame1() ". I tryed to solve this problem about 3 hours, but I failed I have the file crossdomain.xml in the same folder like my .swf file on the server with this content:
[Code]...
I build a web site in flex that some time take input. Will this website works on Touch Screen environment(KIOSK).My question is we have to make any change to handle input such as prompt on screen keyboard when input fields are get focused or it will manage my device and OS of system(KIOSK, Touch screen system) itself.
View 2 RepliesI'm a designer considering creating a video project with Flash. I've read some of the security threads on the board, but they are way over my head. I will have a simple Flash file with text and a dozen imported FLV video files.If I use the "protect from import" option, will that keep the videos from being stolen from within the swf? Or, is that just a mediocre hurdle that can be easily overcome by someone wanting to dig into my file?
View 4 RepliesI read about security issues in using GetURL.Is this only with javascript? If I use the getURL to open a blank window where all the HTML and swf are on the same server are those pages and swfs safe from injection, etc? I'm working in Flash 8 with AS 2.0.
View 3 Repliesi wrote a flash script that is embedded into an html page. The flash script (AS3), needs access to the users microphone and camera. I've seen on other websites when they want to use my camera/ microphone flash automatically pops up a box asking the user to permit.
In my case, even though in my global settings for my webpage it says "always ask" under permissions, flash doesnt ask me anything and just blocks the script from accessing the microphone. The script loads fine, just doesnt prompt for access and the user has to manually right click, and go to settings and put setting to "allow".
Searching for this topic on google is rather difficult as there is too much irrelevant stuff with the same keywords.
Edit: This is how i embed just in case im not doing it right.
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=10,0,0,0" width="200" height="20" id="myflash" align="middle">
<param name="allowScriptAccess" value="always" />
[code].....
I have a flash movie which loads some images dynamically, through hphp gateway files. It works fine accessing through [URL]but not through [URL] So it does not work without www.I am passing from HTML to Flash through params flashvars the path of the server, with www.
View 2 RepliesI'm using a Amf channel , How to add security to My channel..
View 2 RepliesI am trying to create a security feature for my SWF's.I have a .txt file named security.txt.It has a variable called permissionGranted and is set to false
Code:
permissionGranted=false
Here is my AS:
Code:
Stage.showMenu = false;
Stage.scaleMode = "noscale";[code]..........
This doesn't work though,it traces true of false correctly but won't touch the if statement.
How would I go about checking this setting on a loaded SWF file? For example, I have parent swf A, loading child Swf B. Once swf B is loaded into child A, how do I check child B's local security setting property?
View 1 RepliesI have a script that uses a webcam as input the problem is my site needs to wait to do stuff untill the security box that allows the webcamera to be used has closed....I looked in the docs
View 2 Repliesam modifiying some flash banners with a simple link(fp 8, actionscript 2.0). Why do i get this flashplayer security warning when i click it?The original sample banners i'm working from don't have this. How can I prevent this from popping up, without going into adobe's settings?
View 1 RepliesI have a Flash swf file on one of my pages that's causing a Security sandbox violation. Basically it's trying to load a php file to do some things with mp3 files on my server. It works just fine, unless someone types in the url without the 'www' in front of it.
[URL]
the problem occurs. It still resolves to my site, but the domain appears different to the Flash app, and so the error gets thrown.
I have an XML file that my .swf opens and reads from my server. I actually have the .swf call a php file that builds the xml output which works fine. My question is, is it possible for anyone that can see my .swf project on their browser get the path to the php file that it calls?
Can I use POST in actionscript instead of GET when getting a url so I could hide the variables sent?
Is there a header or something that flash sends that I catch with my php file? So i can tell if flash is calling it, or if some user is just directly going to the file to get the information. Or if all else fails, can I have flash create a file on my server that when I call my php file it first checks to see if that file holds the right data before spitting out the xml. When other people link to my flash file on their server, it seems this method might still work seeing as it's my servers flash .swf being called.