i wrote a flash script that is embedded into an html page. The flash script (AS3), needs access to the users microphone and camera. I've seen on other websites when they want to use my camera/ microphone flash automatically pops up a box asking the user to permit.
In my case, even though in my global settings for my webpage it says "always ask" under permissions, flash doesnt ask me anything and just blocks the script from accessing the microphone. The script loads fine, just doesnt prompt for access and the user has to manually right click, and go to settings and put setting to "allow".
Searching for this topic on google is rather difficult as there is too much irrelevant stuff with the same keywords.
Edit: This is how i embed just in case im not doing it right.
My SWF resides on domain A, is loaded by a web site on domain B and is trying to ping URL (URLLoader.load) on domain C. But I am getting "#2048: Security sandbox violation" .. why? Of course I have read the manual, I saw the security white paper but I do not understand it. Don't you know any blog or such where it is explained for dummies? With lots of examples and maybe a table showing what is allowed and what is not?
I get following error: Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: [URL] cannot load data from 192.168.3.5:4854. at TicTacToe_fla::MainTimeline/TicTacToe_fla::frame1() ". I tryed to solve this problem about 3 hours, but I failed I have the file crossdomain.xml in the same folder like my .swf file on the server with this content:
I am getting a strange problem while I am making my release build swf.The swf is supposed to make some internal server calls and then display the data and also play it.When I make a release build swf and excute it, while making server calls it throws exceptions likeSecurityErrorHandler: [SecurityErrorEvent type="securityError" bubbles=falsecancelable=false eventPhase=2 text="Error #2170: Security sandbox violation:file:///Path to the swf/WebPlayer.swf cannot send HTTP headers to **Method Name to bring data from the server***]And after this nothing can be done as everything depends on the data from the server..I have updated my cross-domain.xml on the server to support the master-only policy file but that also didnt ..My cross-domain.xml is
I haven't fully grasped how the flash security model works, and now I've ran into a problem. I have a base SWF that loads a game loader swf, which in turn loads the actual game.What I'm trying to do is taking a current bitmap snapshot of the running game. This works fine before the loader swf has loaded the game. When the game is loaded, I get a security violation because the game has images pulled from facebook. Is this something that can be solved on my end, or restricted by security in the game swf?
I'm having trouble with an AS3 AMF RemoteObject request that is hosted on App Engine. I have a crossdomain.xml file in the root of the domain, and also one at the remoting endpoint.Here are the contents of the root crossdomain.xml:
Loading the swf file and testing it on my machine works just fine... I think that may have something to do with me having the debugger version of Flash Player. When I push it up to App Engine to make it public, other clients access it and get a Client.Error.MessageSend Channel.Security.Error error Error #2048 url: http:[url].......I am using Flex 4 beta, and the App Engine Python runtime. I have tried full wildcard in the crossdomain, and even accessing the data endpoint at a relative URL so as to avoid this error.
I've got a Flash movie, loading data from an external URL. In fact, it's a RSS reader inside a banner.Everything works perfectly when the Flash movie and data URL are on the same domain. However, if the Flash movie is on another domain, Flash security kicks in.The manual says that I can allow a domain trough Security.AllowDomain()
system.Security.allowDomain("http://www.mydomain.abc/") xmlData = new XML(); xmlData.ignoreWhite = true;
I have a flash movie which loads some images dynamically, through hphp gateway files. It works fine accessing through [URL]but not through [URL] So it does not work without www.I am passing from HTML to Flash through params flashvars the path of the server, with www.
I am building a photography web site with flash and I found a really cool slide show extension plug in (www.slideshowpro.com) were can easily upload and update my portfolio slide shows.when I publish out to HTML, I test it in a browser and I get this warning when I click on the photography page.I read in adoby help and it said flash developers can allow communication between sites with this AS code Security. allowInsecure Domain ("nathan44. slideshowpro.com");so I added this code to my actions layer on the firs frame in "scene 1" and to the actions layer in the photography section. But nothing changed i still get this warning when ever I publish out to an HTML, when I just preview with control + enter i can view the sideshows fine.
I have build my entire website with flash and embedded several swf objects (slideshows) into it. everything always worked fine when I published it as swf movie.but now that I want to upload my website an error message occurs saying:Error #2044: Unhandled SecurityErrorEvent:. text=Error #2140: Security sandbox violation: file:///mylayout.swf cannot load file:///slideshow_1.swf. Local-with-filesystem and local-with-networking SWF files cannot load each other.I know that it has something to do with the fact that one of the swf is local with filesystem and the other local with networking. but in my publish settings i told it to access local files only.but i dont really know what your are talking about. i am hosting my website at besides that i have not uploaded it yet. i am just testing it offline.
How to I get my security policy working? My parent swf parses an XML doc and loads 2 children. It throws a 2148 security error, and only works in the Flash IDE. PARENT SWF 'I put it at the top of my code. That seemed like the proper event flow' flash.system.Security.loadPolicyFile("crossdomain.xml"); I've referenced my security file from my swf. I Also published my parent swf as 'network only' and put all the crossdomain.xml and everything else in the same folder. I need to click on the animations and have them place from a local computer at a kiosk. POLICY FILE 'Used"*" since there's not URL, it's all local'
I usually organise tournaments on my site (flash based) and this time I have added a tournament in which users have to complete a jigsaw puzzle and the one who completes it in the least time wins some prize. As the jigsaw puzzle always produces random location, it is difficult for them to hack. They can't even directly download the game as it can't be downloaded using flash saver etc. But I want to know if they can make a program which completes the jigsaw puzzle automatically.Even time can't be hacked as I use time also tick on my server side so I match the time submitted by the game and the time stored in my server.
How can I disable crossdomain.xml check when the executing swf has been loaded on localhost?
Error #2044: Unhandled SecurityErrorEvent:. text=Error #2048: Security sandbox violation: http://localhost:2541/xxx.swf cannot load data from http://www.com/xxx.swf.
I want to assign full trust to the HTML5 web application running locally. I want to disable any crossdomain checks.
Some external servers do not provide crossdomain.xml for their hosted SWF files. I am running locally. I want to have full trust for debugging purposes.
How do I do that?
I will not consider AIR as it cannot be used from HTML5 application.
Adding the url "http://localhost:2541/xxx.swf" to "C:UsersArvoAppDataRoamingMacromediaFlash Player#SecurityFlashPlayerTrustu.cfg" did not help.
Over the years I've become an uber-nerd when it comes to flash game development. Now I'm thinking about looking into using my skills for helping other game-developers out there.I want to develop an API in AS3 which will allow the developer to do (as a start) the following:Display a dialogue which lets the user log into their "account" (hosted on my site).Send a score/value to the website and attribute it to the logged in user.Unlock an achievement (achievements will be set up by the developer in the web interface - which is where they will also get a key of some type to use with their API.Display highscores, other players profiles in-game, etc (show basically any stats in-game).All easy enough to develop straight off the bat. However; where it becomes frustrating is security. I'm not expecting an indestructible solution that I'm fully aware isn't possible, but what would be the most defensive way to approach this? One thought I've had was converting my API to a component so there's no access to the code (unless you decompile). The problem here is it's just not friendly to the developers, though it would allow me to create my own graphics for the UI (rather than coding many, many sprites).Private/public keys wont work unless there is very good protection against decompiling.
I'm building a flash project that will be ran with a wrapper of some sort to give flash extra controls. The issue I'm running into is streaming video from a web domain while the .swf is located locally on the users computer. I'd rather not ask my clients to go into adobe's security sandbox and allow it them selves. Is there a way to auto allow a file to communication externally for streaming? I know an Adobe Air app named Ambience that streams mp3s. Anyone know how this can be accomplished?
I am using twilo client in one of my apps and it is showing following popup when I click on call buttonBut I want to show the following pop up which is lot simpler and seems less cumbersomeIs there a way to control which pop up comes on the screen? I have read some documentation of adobe but their configuration files live in users computer which ofcourse can not be changed by a website.
I'm working on a Site that uses Flash in conjunction with a PHP and MySQL. It is possible that someone could guess the variable names used in my PHP scripts and post bogus data to my data base.
I'm using a script to escape all of the data that goes to MySQL.
So, I'm pretty sure this is impossible, but is there any way to "re-skin" the box that pops up asking you if flash should be allowed access to your mic and webcam? I'd really love to make that box fit with the rest of the design of whatever I'm building.
Also, if I have several swfs that use the mic/webcam inside one larger shell swf, will the dialog box appear once for each of the sub-swfs, or just once for the large one, and those settings will be applied to all the sub-swfs?
I am working on a existing Flash project (a Flash based game), where I need to integrate social login widget Gigya. I researched and finalized using Adobe Flash Platform Services Social. The problem is, I successfully integrated that in a test Flash file that I initially prepared. But when I integrate it in the source file of my actual Flash project, I get following error:[code]in my code, but it works in my initial test Flash (a minimal file with 2 frames and no extra components), but does not seem to be working for my actual game Flash.
I am writing a Flash site that needs to send the user to PayPal to pay to gain access to content on the site. The following is a test to send the user, along with the necessary data, to PayPal...
mp3 playback security with Flash player. I am making a mp3 player and don't want to give user access to download the mp3 files from server. But according to Flash player functionality, it's getting downloaded in cache. Also with Firbug user can see the mp3 file path.I would like to have any good suggestion for this development, without streaming server. Is it really possible to secure mp3 files with Flash player? If yes then please let me know your feedback for the same.
I am new to FlashPro CS5. I need to use it with SlideShowPro Director and the associated product 'ThumbGrid'.I followed the instructions and settings from SlideShow Pro but nothing happens when I publish. They say I need to go to the flash security settings panel and add my local folder as a trusted location to execute the files from.I cannot find the flash security settings panel
We're trying to create an app for OpenPeak. The Flash app will act as a client to a Java server on another computer on another domain.The Flash app client connects via XMLSocket. The Java Server uses ServerSocket to receive a request and send back a message.In order to trust the server, the Flash client needs a socket master policy file to tell it that the server comes from a trustworthy domain. According to an article on Adobe, when a connection has succeeded, the Flash client automatically requests the cross-domain policy or socket master policy file on port 843.Still, even when we implement it according to the tutorials and recommendations we have read, the Flash client continues to throw the following security error:[code]We've tried logging the policy file request during testing to see if there was any call made to port 843. There was not.Interestingly, even without a policy file, the Flash client still manages to send the first data message to the server successfully. It's just when the server tries to send back a reply that the entire thing hangs for about 10 seconds before the security error above is displayed.
I am building a Audio Recording tool using Flash and Wowza. I dont want to start the recording until the use clicks the Allow Button is the Security Pop-up question represented here [URL] In Audio I dont get this until I attach the stream to it. In Video can get thsi question when I attach the camera to Video.
I want to avoid making a connection until the user clicks Accept and this doesn't happen until I make the connection request in Audio. I am able to display the [URL] pop-up using SecurityManager Is there a way I can call the pop-up from my code. [URL]
I've got Flash content that needs to run within a web page off a CD. It works fine if I change the security settings in the Flash Global Security settings screen but that can only be accessed online. So...an the security violation be overcome with a cross-domain XML on the local drive somehow?
I have a WebView loading a swf using loadUrl(). My app saves files from the web locally and then uses flash to show them. Keep running into a 2148 error for the crossdomain.xml.around this and access files from the SD Card or application cache somewhere to show in a Flash component embedded into a WebView?
I am trying to access instagrams API with FLash, I keep getting a "Security sandbox violation: cannot load data from https:[url]....? client_id=...etc" but it works in the IDE. It is loading the cross domain policy file from https:[url]....and I have security allow [url]........ in the swf.
Later this year I will be producing a few expandable banners for a company. The banner is used to attract people and have them suggest candidates for a competition.I suggested the option of possibly integrating an application form in the expandable banner, which after submission should land the user on the landing page of the site.
But after I suggested this, I started thinking:I can't recall having seen a form in an expandable banner for a long time. Because of this, I assume the use of forms in banners might be considered a big no-no. If this assumption is correct: I am trying to figure out why this is. I understand this will be partially off-topic, since the rationale might be in the realm of marketing, rather than programming.
Programmatically:Are there typical security or other concerns that keep professionals from using forms in banners? I'm thinking maybe csfr attacks, etc. here.Usability:Is using a form in an expandable banner a typical no-no from a usability perspective? I'm thinking maybe banners accidentally closing when filling out the form, or too little space to inform the user of the purpose of the form perhaps?
Maybe it's a combination any of these categories? Or maybe none at all. I'm kind of trying to figure out whether my assumptions are correct, and why. Hopefully someone can shed a light on this matter from the perspective of any of the three categories.
In my application I am accessing a XML file which is in the same location as the fla, yet I have to add my folder location to the Flash Global security settings in order to avoid that infamous Security violation that is thrown. Thats fine in my development environment, however when deployed on a customer's machine they have the same issue. Is there a way programmatically to to trust the xml file and avoid the security violation? NOTE the customer is accessing the swf in 2 ways through a .NET loading mechanism and 2. opening the file location in a web browser (NOT in a we page but opening the swf directly - YES I know this is not recommended - but nevertheless is the customer's preference)
We are working on flash camera project. We want to ask user to allow or deny camera access first on page load. then after few seconds we want to start camera and take photo. If User deny camera (or flash) access, we do not want to start camera. and If user allows permission for camera (or flash) access, we want to start camera and take photo.For this, We are using "Security.showSettings(SecurityPanel.PRIVACY);". This code is user for ask permission to user about their camera access.So, it is show Privacy Pop up in flash. But, how we can have control on that pop up
