ActionScript 3.0 :: Security.loadPolicyFile() Doesn't Seem To Work?
May 21, 2010
I have a Flex 4 application the needs to retrieve XML from a web service and the web service does not sit on the same server as the Flex 4 application.
I was getting the Sandbox security violation #2048, I eventually figured out that I needed a crossdomain.xml file on the web service server which I put in C:Inetpubwwwroot. Tried again and all was good, it worked.But, I don't want the crossdomain.xml file to reside in the root of the server because I only want the crossdomain.xml file to affect the directory the web service is in.So I put the crossdomain.xml file into the directory where the web service resides and used Security.loadPolicyFile() but it does nothing, I get the Sandbox security error again. I checked with HTTP traffic with Fiddler2 and the request is being made successfully so I know that the application is getting the file, it just doesn't seem to be using it.
Is there something I'm missing? Below is the AS code I'm using, i tell the application to use the policy file in the application complete event handler, and i load the xml in the buttons click handler.
URL...I'm trying to connect to the java server which sends back the policy data.From the IDE, absolutly nothing happens.Where can I start to know what's going on? I've looked at so many forum posts and exemples but nothing seems to correspond to my problem.the policy file allows all, the ports are open, the file and directory of my local swf are added to the trusted list in the flash global security settings.I'm using Security.loadPolicy File ("xmlsocket://xx.xx.xx.xx:xx"); with the right IP and open port which my server listens to.
I'm trying to research some support for this but not getting very far, so I'm hoping you all can help. Is it possible to do something like the following:
I need to figure out a way to check if a crossdomain policy file has been loaded before initializing a certain component. The component won't work correctly if the crossdomain policy hasn't been loaded. Is there a way to do this? I can't figure out a way to get this working. This is the script I'm using:
Specifically, the developer of a web service I'm trying to call has installed a cross-domain policy file on his server at:[URL] So, in my SWF, I'm calling this:
[Code]....
Of course, it's not there, so it fails to load. (If the developer could install the file at the root, I wouldn't have this problem, so I wouldn't be using System.security.loadPolicyFile in the first place). It's not just in the IDE - when I test the app in Firefox with Firebug, I can see that the SWF is attempting to load the policy file from [URL].
I've stripped down the SWF so that it does nothing else but attempt to load the policy file from the subdirectory, and it still fails. So, I don't think this has to do with any idiosyncrasies of my specific app. Bottom line - does the System.security.loadPolicyFile work? Is there something else I need to do in conjunction with that call to get it to work? Or, is there something I'm doing wrong?
But when I got to my movie, I get: Security sandbox violation: LoaderInfo.content:[URL]cannot access [URL]. This may be worked around by calling Security.allowDomain Am I missing something? Does it not work with wildcards?I like AS3, but I really think they screwed up up the security model... and URLRequests...
the PolicyFile's url is like this :[URL]and my restful webservices address is like this : [URL]crossdomain.xml include my flash's host url.the weird thing is flash still tried to load the [URL] like this first is right and response 200. the second response 400 .finally, the flash still told me SecrityError#2048
I have a Flash swf file on one of my pages that's causing a Security sandbox violation. Basically it's trying to load a php file to do some things with mp3 files on my server. It works just fine, unless someone types in the url without the 'www' in front of it.
[URL]
the problem occurs. It still resolves to my site, but the domain appears different to the Flash app, and so the error gets thrown.
I am loading an external swf file from the same domain into my main flash movie using an absolute path: The problem is that when someone goes to the site without the 'www' in the address: he movie throws a sandbox error upon trying to load the 2nd movie.I have a crossdomain in place set to: <allow-access-from domain="*" secure="false"/>.I also have: Security.allowDomain("*"); in the document class of the main moie.I realize I could use a relative path to load the movie instead of the absolute path, but shouldn't the cross domain file and/or the allowDomain command take care of the security issues? Is there another workaround besides the relative path?
I decided to try to use setInterval for myanimation, which is just a mouse trail.However, I'm trying to get teh mouse trail to be a dynamic mask.In my previous swf this was achieved by using a holder mc with the animation inside and then using this as the mask. But this time I just canpt seem to hit on the right way to get it to work. The code I am using for the mouse trail is:
Code: var i:Number = 0; var myInt:Number; var t:MovieClip;[code].....
in the function, but now the trail doesn't resize and the mask still doesn't work.
I'm having some weirdness with a project that I'm doing in IE. Long story short, I've got a basic shell that loads in external SWFs based on user feedback. Once those SWFs get loaded in, they execute functions from the shell (_root) movie. It works great in Firefox, but immediately breaks (no way) in IE. The movie gets loaded in, but none of the functions run.
I suspect it has something to do with security, because, for a variety of reasons, I have to load the SWFs from their absolute location, rather than their relative location. When I test it locally (but loading the movies from their absolute, live location), everything still works, but I get that damn security warning that reads like this:
I have a button object that I need to scale to align with the variable width of an array of images.However, when I set the width in code, the button does not actually become that width. Tracing out the width gives me the correct value, but on screen.. it's off.
I've proved it to myself by scaling the same button object manually in the properties pane and visually comparing. Both of the buttons below have a width of 410.
This is a two fold query involving the same issue. As you know, if you attempt to use bitmap.draw() with an object (image or swf) that is not in the same domain as the calling swf the bitmap will not draw. As described by Adobe livedocs, if Security.allowDomain() is setup in the calling swf then draw() will work. However, I cannot get this method to work. I have supplied an example fla (make sure to get the .as for it too).
1. How do I get Security settings right to permit bitmap.draw() to work with objects from another domain? (not any domain - just the domain I define in the allowDomain parameter)
2. How do I setup an event handler (listener) for bitmap.draw() so I can detect when it doesn't draw?
I am connecting to a Java game server via an XMLSocket and serving the crossdomain.xml policy file via loadPolicyFile(). The problem is, the thing either works, or it doesn't Is there any way I can get any status information back from loadPolicyFile() ?file didn't load, file is invalid, anything. Is there a way to attach an onLoad handler to this? The documentation claims that this thing will wait for a response before it attempts any connections.
I have an SWF hosted on one server (let's say, url..),trying load data from a remote server (let's say,url...),in subdirectory /scripts /public/data.txt.In that subdirectory I have a file named crossdomain.xml, with the following content:
HTML Code: <?xml version="1.0"?> <cross-domain-policy>[code].....
Now this doesn't work. The SWF doesn't get access to data on that directory. It displays "undefined" instead of the expected value.
Notes:It does find the xml file.I know because when I try to load a file that doesn't exist it throws an error that says the file was not found.When the xml file is on the root directory (and there's no need to call the loadPolicyFile function),it works perfectly (displays the expected value),which means the xml file is fine.I thought maybe I need to wait for the loadPolicyFile to complete,but according to Adobe's help documents, all loading processes wait for the loadPolicyFile process to complete before rejecting a connection .Perhaps I used the loadPolicyFile function wrongly somehow,but I find it unlikely, since I copied the syntax from Adobe's help documents.
I have a swf one one server that is pulling content from an Amazon S3 server. I have set up, for now, a generic cross-domain policy to allow all domains access:[code]These seem to be playing nicely (for the most part) as my swf is loading json, xml, etc. files from the S3 server just fine now. What it's not doing right is loading swfs from the S3 server, when it tries to do that it throws this exception:[code]I assume this is because remote swfs could contain malicious executable code. Do I actually need to set the allowDomain to something or is there some other 'more correct' way of allowing my swf to load up other remote swfs?
I am getting a strange problem while I am making my release build swf.The swf is supposed to make some internal server calls and then display the data and also play it.When I make a release build swf and excute it, while making server calls it throws exceptions likeSecurityErrorHandler: [SecurityErrorEvent type="securityError" bubbles=falsecancelable=false eventPhase=2 text="Error #2170: Security sandbox violation:file:///Path to the swf/WebPlayer.swf cannot send HTTP headers to **Method Name to bring data from the server***]And after this nothing can be done as everything depends on the data from the server..I have updated my cross-domain.xml on the server to support the master-only policy file but that also didnt ..My cross-domain.xml is
I haven't fully grasped how the flash security model works, and now I've ran into a problem. I have a base SWF that loads a game loader swf, which in turn loads the actual game.What I'm trying to do is taking a current bitmap snapshot of the running game. This works fine before the loader swf has loaded the game. When the game is loaded, I get a security violation because the game has images pulled from facebook. Is this something that can be solved on my end, or restricted by security in the game swf?
I have a swf that is pretty complicated, you can interact with the page and go to different keyframes and it stops and/or starts depending on buttons, but I want to put it in a fla or something so I can put other swfs next to it and build it up and put several of them together as one.
I don't care about making it too complicated, I just want one interactive swf to go to the next compiled swf when that movie ends, but when I try importing it or loading it it just runs straight through without stopping or paying any attention to the scripting.
I am trying to more between frames using the data returned from a node n_EventID in an xml, when the node returns "1408" I want to move to frame 1 but if it returns anything else I want to move to frame 2. The part where the code moves to frame 2 seems to work perfectly but I can't seem to move to frame 1 when "1408" is returned.
xmlResultFinish = new XML(); xmlResultFinish.ignoreWhite = true xmlResultFinish.onLoad = loadXmlResultFinish;
I'm having a problem, where random IE's are not able to display my .swf file. All the IE's are IE8 with the latest flash pluggins and all security's are set at Medium, however some IE's get just a grey box and other's get the full flash file. What's going on? It works fine in Safari and Firefox of course, but why so much difficulty with AS3 Flash9 in IE? here is a link to the site, and it's the big image changer at the bottom of the front page.
But my proublem is that I have a flash presentation.The defalt for moving the slide screens back and forth are left and right arrows.It works fine when tested or even the .swf fileBut then the left and right buttons don't respond when I go to fullscreen.
Is it common for AS3 apps to not work in IE? Is there a way to make them work? I have a movie clip in my library linked to a custom class Main and I have nothing on stage. Just one frame. Everything is built inside that movie clip. I add that movie clip to stage through a document class and everything works perfectly in Firefox and Chrome but when I open it in IE, it's just a blank page.
i followed the instructions oh how to make a centered pop up window here :i'm using a mac..nd it works in Safari... but when i try to use explore to open it, the pop up window doesn't come up...why is that.......? did i do something wrong?here is my website:and please click on 'message' to see for yourself.
this is what i have on the maintimeline:[code]I have 4 moveiclips called: redhex, bluehex, greenhex, and yellowhex.what the above code should do is make a 15x15 grid of hexes (yes i wanted all 4 hex mc's overlapping each other at each space on the grid.).Before i added the lines to dupllicate the blue, green, and yellow hexes also... the redhex movieclip duplicated exactly as it should.But after adding the lines to duplicate the blue, green, and yellow hexes also, in the same locations... Nothing at all showed up when i tested the movie (not even the redhex's)
