We are a research group from the University of Zaragoza (Spain). We are developing educational games for children with special needs, (in particular, with)social and cognitive disabilities. We develop our games with Adobe Flash CS5, so we are enough handy with Action Script language.The emerged problem is related with the security sandboxes in Flash.
At the moment, we are designing a new educative application where image and sound resources come from the Internet, using web services through a "loader.load(new URLRequest(name))" command. We are using the adequate crossdomain file, and it is working fine when published on the web.HOWEVER, now we are thinking on developing a desktop educative application, where educators will configure the game, and keep their work in a local system file. This is where problems arise. As the Flash player sandboxes limits us to "only network", or "only local file system" use, we are not able to access the Internet and to generate local files at the same time.
We are not trying to make a flash virus, we are only trying to make an application for educators, where resources came from the Internet but the application requires access to local file system in order to let educators to save and to load their work in their disk.Reading the Adobe doc, we found the different flash player sandboxes: http:[url]....
It seems that there is a sandbox which enables us to both access internet and local files:"Security.LOCAL_TRUSTED—The SWF file is a local file and has been trusted by the user, using either the Settings Manager or a Flash Player trust configuration file. The SWF file can both read from local data sources and communicate with the Internet." And it seems that Local_trusted SWF files are set by the final user or by installer programs. As we intend to publish the application on the web, and educators will download the application, the installer programs seems a nice option, but we are not able to find info about SWF installer programs.
On the other hand, we know about the Adobe Air solution. We understand that AIR is a substitute to Flash Player. It seems adequate as it will expand our application to other environments like android IOS (tablets, mobiles, ...).The question is: using AIR, would we gain network and local access in our SWF application? And what about the final user? Would he/she be able to download the SWF from our web, and any kind of AIR player and executing our application in an easy way on the device? Finally, what do you think is the best solution for the kind of application we are aiming to?
Goal: to make possible to make requests from flash running on local protocol (widget://, file://, chrome-extension://) without any special permissions on [URL]
Supposed solution: proxy swf file loaded in page with widget:// or file:// or chrome-extension:// protocol which loads into itself swf file located on http server. local swf bridge conects its own external interface to http swf file external interface.
This solution used in youtube movies, so you can embed any youtube movie into local page and it will be shown and played fine;
At the end we can get working soundmanager2 [URL] opened localy (file:// protocol), which can load and play music and video from internet. I need proxy for this version [URL]
Some relative [URL] How do I call a Flex SWF from a remote domain using Flash (AS3) ?
I need this to play music in opera extension (using widget:// protocol) for my project [URL] to let users play music without setting up special permissions
So I wrote a CS4 Illustrator plugin that loads a SWF as its user interface. Works great on the mac, but I am having a problem on Windows:The .swf needs to be compiled with the "-use-network=false" option set in order to access some files on the local machine. HOWEVER when that option is set, all of my "Externalinterface" calls break down. When "-use-network=false" is not set, then I can't access the local files, BUT my "externalinterface" calls (which communicate with the plug-in) work just fine. The SUPER frustrating part is that
A) it works fine on the mac, and
B) on window, I don't even need to set the "-use-network=false" option for the swf to access the files IF the .swf is loaded in explorer.I'm not sure if using AIR is possible, but I'm trying that next since AIR can access both local and network files without all the sand box hokey-pokey.Also CS5 is not an option for me for this project.
Is it possible to turn off sandbox checking when developing on a local machine? I know this could never be allowed on a production version but publish and upload after every edit?
I get following error: Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: [URL] cannot load data from 192.168.3.5:4854. at TicTacToe_fla::MainTimeline/TicTacToe_fla::frame1() ". I tryed to solve this problem about 3 hours, but I failed I have the file crossdomain.xml in the same folder like my .swf file on the server with this content:
I'm developing a game add-on/plugin which replaces a built in feature of an online game. The game loads an .swf therefore, my solution also has to be an swf for it to work 'in-game'.
I would like to be able to have the user press a button in the custom .swf I am making - and this would open an external application (amongst other things). I.e. if there was a button that said Notepad, it would open Notepad.exe on the machine.
My initial thinking was that i could have a XML Socket server 'daemon' runnning (c#) , which i could connect to with flash - however, as both the swf and the daemon are local, flash complained and gave this error: "Error #2010: Local-with-filesystem SWF files are not permitted to use sockets."
The only way i know to fix this - is to change the security settings of flash - not very user friendly!
So! Any thoughts on how I could otherwise go about this? I was thinking a custom http server could do the trick (connected with URLRequest) although i'm not too sure.
I have a SWF file located at the local network in the public shared folder that I do not control over trying to read the external file on the local network.
I am currently hitting instead an security violation
Error #2148: SWF file file://....mySWF.swf cannot access local resource file://...config.xml"
I've added the network path where SWF an XML file resides to "trusted locations" via Flash Player Global Settings.
The added network path is successfully displayed at the list of "trusted locations" within Global Settings Manager, but it does not look like Flash Player is able to really parse the local network path as a "trusted location"
I have a swf which imports an xml file - it works fine within the flash ui or with flash player, however once I embed it in a webpage it does does not load the xml. I've tested locally and online with the same problem. Also, if i try load an external swf i have the same problem?
I have build my entire website with flash and embedded several swf objects (slideshows) into it. everything always worked fine when I published it as swf movie.but now that I want to upload my website an error message occurs saying:Error #2044: Unhandled SecurityErrorEvent:. text=Error #2140: Security sandbox violation: file:///mylayout.swf cannot load file:///slideshow_1.swf. Local-with-filesystem and local-with-networking SWF files cannot load each other.I know that it has something to do with the fact that one of the swf is local with filesystem and the other local with networking. but in my publish settings i told it to access local files only.but i dont really know what your are talking about. i am hosting my website at besides that i have not uploaded it yet. i am just testing it offline.
I'm building a flash project that will be ran with a wrapper of some sort to give flash extra controls. The issue I'm running into is streaming video from a web domain while the .swf is located locally on the users computer. I'd rather not ask my clients to go into adobe's security sandbox and allow it them selves. Is there a way to auto allow a file to communication externally for streaming? I know an Adobe Air app named Ambience that streams mp3s. Anyone know how this can be accomplished?
I'm trying to load an swf placed on Amazon S3 ([URL]) into an swf on a different domain ([URL]), and it throws this error SecurityError: Error #2121: Security sandbox violation: Loader.content: [URL] cannot access [URL]. This may be worked around by calling Security.allowDomain. at flash.display::Loader/get content()
I have a WebView loading a swf using loadUrl(). My app saves files from the web locally and then uses flash to show them. Keep running into a 2148 error for the crossdomain.xml.around this and access files from the SD Card or application cache somewhere to show in a Flash component embedded into a WebView?
I have a crossdomain.xml file sitting in my WebServer folder on a web:
[Code]....
Just to try and get it to work, I actually put it in every folder in the path to my web page as well but with the same result when I try to run the test movie from flash professional: *** Security Sandbox Violation *** Connection to loadNews([URL]) halted - not permitted from file:////Volumes/Mac%20Pro%20HD/Users/norm/Desktop/ticker/rssTest.swf problem loading the XML How can I get this to work?
I am working on a existing Flash project (a Flash based game), where I need to integrate social login widget Gigya. I researched and finalized using Adobe Flash Platform Services Social. The problem is, I successfully integrated that in a test Flash file that I initially prepared. But when I integrate it in the source file of my actual Flash project, I get following error:[code]in my code, but it works in my initial test Flash (a minimal file with 2 frames and no extra components), but does not seem to be working for my actual game Flash.
I have written a simple upload component in Flash, but I am now having issues in uploading due to a Security Sandbox error. I now know this is due to the fact I am uploading from one domain, to another, but 1, this used to work, 2, i have implemented a cross domain xml file by placing it in the root of the domain I'm serving from. There is also the following code at the top of my movie that used to work:
System.security.allowDomain("*"); Here is the plan, upload from admin.subdomain.serveraddress.net to serving.serveraddress.net, but it doesn't work
I'm making a binary socket server for Flash and I'm trying to figure out a way to run Multiple clients in a local environment for testing purposes. Tried to run the exported flash movie in my browser (to open multiple tabs of flash swf) but I just could not figure out how to solve the cross-domain problem. I'm running my server right from my PC (localhost) and just simply want to test my darn Flash document multiple times so I can simulate multiple clients.
I mixed a.com and b.com in my original post, I'll try to rephrase stuff correctly:
A HTML page is loaded from a.com The HTML embeds a Flash client from b.com HTML contains a Javascript function that makes a connection to a.com, ie the origin of the HTML, not the origin of Flash The Flash calls that Javascript function
Question: Do I need to have a crossdomain.xml in a.com?
I am running a socket server using PHP. The socket server runs fine because I can connect to it using PHP.Now, I have a flash application that is trying to connect to it:
When I run the application locally, it works! However, when I upload it to my server I get a sandbox security error (#2048). The flash app is actually hosted on the same server as the socket server, and there is cross domain policy file in place.
Our partners are requiring that we display a news.swf in our flash app outside of its domain. This is causing a mess of sandbox violations. The loaded news.swf is more or less a black box although I dug around in a flash decompiler and what looks like the document class has:
This is also in the constructor of client.swf. I should also note that client.swf is embedded in client.html. So client.swf is loading news.swf and adding it to the display list. Once it is added to the stage it starts spitting out a handful of errors. Run on my local file system:
I have a small Flash app that generates a security sandbox violation when flash.net. URLLoader() is called.I have been very careful to check for mistakes in my network/security settings, e.g., -use-network=true, cross-domain policy file, Security.allowDomain(), Security.allowInsecureDomain()
, Security.loadPolicyFile(), etc.
I have been working on this issue all day.I have read every Web page I can find on the issue to no avail.***Objective***1) Upload a SWF file, XML config file, cross-domain policy file, JPG files, [code].........
I get a Flex 3 sandbox error #2048 after connecting to a Socket on a Java (1.5) server. The server code is all mine, i.e. not running under Apache. Flash Player 10.0 r32.The sequence is as follows...
1 Java server starts, listens on port 843 for policy file request and on port 45455 for my other requests.
2 Flex client served by Apache (although I get the same result if I run it from the file system), socket connection made on host:45455.
3 Flash Player requests policy file from port 843. This is the standard behaviour with the new security settings looking for a master file. It happens regardless of whether a different policy file has been specified.
4 I serve the following XML from Java through port 843:
5 The player writes the following into the debug policy log...
OK: Root-level SWF loaded: http://localhost/bst/BasicSocketTest.swf OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at xmlsocket://192.168.2.3:45455 by requestor from http://localhost/bst/BasicSocketTest.swf OK: Policy file accepted: xmlsocket://192.168.2.3:843 OK: Request for resource at xmlsocket://192.168.2.3:45455 by requestor from http://localhost/bst/BasicSocketTest.swf is permitted due to policy file at xmlsocket://192.168.2.3:843
6 I send a text message from the client to the server on port 45455 using writeUTFBytes() and flush() (this is my own home-baked message protocol, and is correctly processed at each end)
REG/REGISTER;simon;Si
7 Java server thread listening on port 45455 responds with
REG:0/REGISTER:SUCCESS;simon;Si
8 The Flex client receives a ProgressEvent and the event listener I bound to the socket gets called. I process the message (write it to a text box on the screen)
9 The Flash player throws a 2048 sandbox error and the socket is disconnected! This is after the message is received and processed successfully. In fact it is about 12 seconds after. Nothing else works through the socket.
I have tried explicitly loading a policy file with a call to Security.loadPolicyFile() in the Flex client, but the reality of the new player security is that it is basically ignored. The steps are that the policy request will not get sent until a socket i/o operation occurs. At that point the player always goes to port 843 first looking for a master policy file. If it finds one, and it is permissive, it goes no further.
I have tried a variety of alternative ways of terminating the policy file and policy file contents, including deliberate errors just to see if the Flash Player is awake.I can see no reason why I would have a 2048 being thrown. I accurately serve a socket policy file on the designated master security port, which the player itself logs as correct. The socket then successfully sends and receives a message from the server the contents of which are available to my code.
P.S. Please don't tell me to use BlazeDS or LCDS or Granite, or something else as a server, I'm looking for a solution to this problem, not a redesign. And please don't ask me to use an XMLSocket instead - I tried that and get exactly the same result. I have chosen my architecture carefully and deliberately and I want a binary socket.
EDIT :In response to James Ward's request in his comment, here is the entire error message:
Error #2048: Security sandbox violation: http://localhost/bst/BasicSocketTest.swf cannot load data from 192.168.2.3:45455.
I have a stripped down test client which has a handler for each socket event and outputs a message to the screen. This is what it shows:
The close event is fired immediately after successfully receiving a response from the server, however the Error #2048 does not appear until about 20 seconds later. If I try and send a further message after close, but before the error, the Flash Player throws an invalid socket exception.
I am building a project where I use an external API loaded from the web, and I also load files locally. As I understand it, I cannot load both local and external files without causing a security sandbox error.Once I open the API it seems to try and listen to mouse events and such, and causes a securityIts really annoying since I am trying to trace some debug outputs but I can't read them as they get overwhelmed by the error messages.I know I cannot fix it, but I would simply like to disable these warnings. Is there any way?(please don't post solutions to fix the error, I tried all of them)I just want to disable the messages.Here is the error message:
i am having a problem launching a local html file from my swf. i have a button called print that when clicked it is supposed to open the local html file and print out the content. this is the code i used on the button
on (release){ getURL("folder/folder/file.htm","_self"); }
the PolicyFile's url is like this :[URL]and my restful webservices address is like this : [URL]crossdomain.xml include my flash's host url.the weird thing is flash still tried to load the [URL] like this first is right and response 200. the second response 400 .finally, the flash still told me SecrityError#2048
Working with a SWf where it's worked all along, loading data from url...But, now, if you switch from Flash Player 10 to Flash Player 10.1, I get the standard security sandbox violation:[code]The crossdomain.xml is still in place and if I downgrade to FP 10 (or earlier), it works as expected.
I'm calling remote images with with a Loader and the context has checkPolicyFile=true, images load fine with urls like :url....the only difference being escaped characters, is this a bug or am I doing something wrong?url...