I'm having an epic amount of difficulty trying to get a result from a httprequest to a https address.I'm loading a policy file from the address but I'm still getting the 2048 security error.I load my policy file like so in my preinitilize handler.
private function preint(e:FlexEvent):void
{
Security.loadPolicyFile("https://api.soundcloud.com/crossdomain.xml");
[code]......
Is there a way to inspect HTTPS traffic from Flex applications compiled to SWF files?I'm trying to use Fiddler for this, have added DO_NOT_TRUST_FiddlerRoot to my Trusted RootCertification Authorities so my IE now can access other HTML sites that would normally complain about untrusted certificate. However, the HTTPS traffic from the SWF file still doesn't appear in Fiddler and, in fact, the Flex app wouldn't work (HTTPS with a self-signed certificate is not supported by Flex apps I believe). Is there a way around it?Update: To be clear, I am interested in the traffic between the SWF file running under Flash Player and the server (typically, Flex components like HTTPService will be used for this). The SWF file itself can be served via HTTP or HTTPS, it doesn't really matter.Clarification 2: Don't assume that the source code is available for the SWF file. If it was, Flash Builder 4's Network Monitor could be used.
View 3 RepliesI'm doing a Flash Banner for an ADv campaing. Since the max swf file size allowed is very low, I'm trying to load external JPG images from the main server.Reading the crossdomain policies for Flash movies I see that:You cannot load variables or XML data into a Flash movie from another domain.
It's the same with static files as Jpg images?I'm testing the banner with various results: looking in Firebug, images are always loaded, but sometimes they appear, sometimes not, sometimes only the first time (it's a loop). There are no warnings however.
Loading the Banner with the same domain as the static images always works.I also tried to put a crossdomain.xml file on the domain that serves the static images, but problem seems to continue (maybe Flash cache that request somewhere..
I have a html paga which loads a flash(flex) swf file. Using https it loads successfully with Chrome, Safari and Firefox, but not with Internet Explorer.Another page, a simple aspx page, does load in Internet Explorer using https (and no flash in it).Haven't found anything so far on the internet to solve this... Anyone?UPDATE: When I right click on the white screen, 'About Adobe Flash Player 10...' appears... so Flash is loaded. Also, in Charles (http sniffer tool) I can see that the swf is loaded over the network.
So, apparently, Flash Player is running inside my html page, the swf is loaded over the internet but the swf is not displayed in internet explorer browser... Very strange. How can I debug this further to see what the problem is?Meanwhile, in the left down corner, IE keeps on saying: 'Waiting for https://....In all other browsers it works like a charm.You can see that IE shows a Certificate Error, but that's also the case in other browsers. I already clicked on Certificate Error to install the Certificate, but with no success.
I'm running into an issue with an HTTPS post request where I get the following error (please note some of the URLs have been modified to protect privacy):
Code:
Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://[local_ip_addr]/[my_swf].swf cannot load data from https://dev.[domain_name].net/[path_to_xml].
When I review the crossdomain.xml I have the following (again, sections omitted to protect privacy):
Code:
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"></site-control>
[code]....
So that appears to be set up correctly. Requests sent to the HTTP protocol happen just fine, it seems only to be the HTTPS. Do I need to set up Security.allowInsecureDomain() to have this work or is there something on the crossdomain.xml side that I need to set further (such as <allow-access-from domain="*" secure="false" />)?
I'm running a webgame with a bunch of users. Recently, some have complained about the game crashing on startup. Using a debugger, I found the error:
Quote:
Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: game10.swf cannot load data from Error #2032: Stream Error. URL: php/loadStartData.php
(NB: I can't post entire URLs as I'm a new forum user, but the two URLs in the error message are full URLs, and the domain names match, so that's not the issue.)Now this error only occurs for some user accounts. Others are able to play just fine on the same computer, but logged in with a different account. In other words, it's not related to browser, Flash Player version, etc. Most users load the game fine, though.
I've searched around on the web, and the error seems to be common when you try to load resources between domains, in which case a crossdomain file is the answer. However, here, I'm just trying to load a PHP file in a subfolder ("game") which is in folder where the swf file is residing.What's even weirder is that other PHP files in the same subfolder will load fine using the exact same code. And again, this is all just for some user accounts. Other users run the game fine on the same computer.The AS3 code that tries to load the PHP file is simply
Quote:
var startDataPath:String = ("php/loadStartData.php");
var startDataPHPRequest:URLRequest = new URLRequest(startDataPath);
var startDataPHPLoader:URLLoader = new URLLoader();
startDataPHPLoader.addEventListener(Event.COMPLETE , sortStartDataXML);
startDataPHPLoader.load(startDataPHPRequest);
I have a AS3 swf [1] that is loading another AS2 swf [2] which is loading another AS3 swf [3].
I'm getting a Security Sandbox violation on the AS2 swf trying to access the last AS3 swf (3), but I'm using Security.allowDomain("*") in practically all the classes of the first AS3 swf (1).
how to load for example two xml files, and how to address each of the files? The red comments will explain what I want
[Code]...
is it possible to load images from https and test locally in the flash IDE? i am getting a load error but not a security error.
View 2 RepliesThis is my code and i want to place an external swf file for my flex application website. This is my code:
var loader:Loader = new Loader();
var url:URLRequest = new URLRequest("http://www.my site.com");
loader.load(url);
addChild(loader);
I'm having trouble with an AS3 AMF RemoteObject request that is hosted on App Engine. I have a crossdomain.xml file in the root of the domain, and also one at the remoting endpoint.Here are the contents of the root crossdomain.xml:
<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies ="all"/>[code].....
Loading the swf file and testing it on my machine works just fine... I think that may have something to do with me having the debugger version of Flash Player. When I push it up to App Engine to make it public, other clients access it and get a Client.Error.MessageSend Channel.Security.Error error Error #2048 url: http:[url].......I am using Flex 4 beta, and the App Engine Python runtime. I have tried full wildcard in the crossdomain, and even accessing the data endpoint at a relative URL so as to avoid this error.
Is it possible to use the flash.net.NetConnection object to connect to my Flash remoting enabled web application over HTTPS within Tomcat or any other servlet container?
I am using the SpiceFactory cinnamon project for amf remoting and have searched for examples of using HTTPS but see only the reference to a proxy type in the NetConnection object.
If someone could provide a reference or example that would be awesome. Or if it is not possible using the flash.net.NetConnection object are there any recommendations of how to configure HTTPS for the spicefactory cinnamon library.
I've changed the protocol for my flex app from https to http and flashplayer still wants to download the crossdomain.xml using https though with the port for http. [URL]..
View 3 RepliesI have an mxml project with one button which browses for files and then uploads them. It seems that when i select a file lower then 200kb it passes ok but when the file is bigger it throws SecurityError: Error #2000: No active security context. Where is these restrictions set for size limit?
[Code]...
Alright so I'm making a website for my friends band, and they want to have a music player to play their MP3's. One of the things I'm concerned about though, is the security of the MP3 files. Their albums are on iTunes to buy, so I'm looking for what the best option to have the MP3s be played but not be able to be downloaded and saved.The best thing I can think of is embedding the MP3's inside a Flash music player, but that would be more work than it's worth it seems.
View 2 RepliesIs this a typical 'CDN' policy ? Is this to encourage customers to host only such content that is going to be around for quite a while, and going to see probably a million downloads I started looking at AWS Cloudfront for it's ability stream RTMP media (aka Flash server like behaviour) to host video content. That is to say, I am not too concerned about the "distribution close to client" benefit. However, what surprised me is a clause on the AWS Cloudfront pricing page, that says something like the first 1000 'cancellations' (per month) are free. I interpret 'Cancellation' to the be the act of removal of content that I no longer wish to serve via the CDN. Is that right ?
My requirement is the ability to serve media content (streaming audio, streaming video) which isn't shared with general public or a large audience. It is something like each of these files have a lifetime (or relevance) for only few days (a week or so, at most), and each file will be viewed only by a small handful of people/consumers (e.g. 1 file viewed by an average of 3 people, maximum say 10 people). Also the content's privacy needs to be maintained, so an accidentally shared media URL shouldn't allow an unauthorized person to access it. In this case, is it right to assume that CDN is an overkill, not the right solution ?
I was drawn to AWS CF for it low price (at least, low entry price) for RTMP streaming abilities. What other options could I consider. For me, high availability and round-trip-time are secondary... primary concern being cost, i.e. it needs to be as low as possible. On the question of "how low", I'd say low-enough for developing economies, s.a. in Asia, South America and Africa.
I have the following:
PLAYER.SWF -- contains flv player and controls.
cross-domain-policy.xml -- that allows everything.
www.yoursite.com[code].....
If I have all the files on the same domain, everything works. The swf is designed to look for the prefs.xml file at whatever location where the html page is. I can have the swf in a location like[url]... and have everything else in some other funky location on that domain. If I try to have the html page and prefs and stuff on another domain, it can't read from the prefs.xml, and I get the Error #2048. From my research, this is a cross-domain issue, but I have cross-domain policies all over the place and it's still doing it.
I am building a FLEX web application that also has a payment module where the user needs to enter his credit card details.
The whole Flex application runs on HTTP. However, whenever the user lands on a page where we ask for credit card details, we want these details to be sent over HTTPS.In this page we need information from the model of the application, because it holds certain selection the user did, the state the application is in, etc.
Do I need to make this page a Module that runs on HTTPS?
Or can I just configure the specific 'credit card' services (we have a JAVA back end) so that these run on HTTPS?
I'm trying to configure BlazeDS to work over HTTPS. We've got Apache in the front that is set to redirect all http traffic to https. Apache then communicates with the application (a JBoss AS 5.1) via http. I've tried a lot of configurations for BlazeDS, and finally the following solution worked for me:
services-config.xml
<services-config><services>
<service-include file-path="remoting-config.xml" />
<service-include file-path="messaging-config.xml" />
</services><channels>
[Code] .....
The thing here is that in my-secure-amf channel, I use mx.messaging.channels.SecureAMFChannel in the channel-definition, and flex.messaging.endpoints.AMFEndpoint (not flex.messaging.endpoints.SecureAMFEndpoint). This has probably something with the Apache-Jboss setup to do, but I haven't found anything that explains what the different tags actually define. To get some sense in all of this, what happens when defining channels and endpoint, using different urls and classes?
I have it when the user clicks on a link it loads the php ?page=portfolio, in portfolio.php i have a peice of code that writes "var=portfolio.swf" to a .txt file Actionscript loads the text file and grabs the var, which is sent to the preloader which loads portfolio.swf. The problem with this is the Flash cache, you have to open a new window to see the portfolio.swf loaded and the second problem would be clients fighting over the .txt file.
What I want to do is, eliminate everything on the client side (the txt file) and make it so flash picks up the vars from ?page=portfolio and directly passes that to the preloader.
I heard this can be done with FlashVars, its kinda hard for me to understand could some direct me to an example code of FlashVars that I can play around with.
If I have a flash file that I'd like to test locally (on my computer) but I have video files on a flash video server and photos on another server, is there an easy way to set up my flash file so I can do this?
View 1 RepliesI want to make an https call using HttpService. My code is working perfect when the url is http, but when i can the url to https is gives me the following error [code]...
How should I make a Https call?
My swf is being served via http protocol. I don't really see this being easily changed. There's a resource that a website has opened up via their api that I need to access but it is using https protocol. Because of this my swf can't access the resource because of security settings.
Option 1 would be to serve my swf via https. I can't do this at the moment.
Option 2 would be set secure="false" property of the cross domain policy file. I can't do this, I dont have access.
How do you limit access to swf files from a certain domain
I Don't want another ones embed my Flash game .
How do you limit access to swf files from a certain domain I Don't want another ones embed my Flash game ...
View 2 RepliesI have a CD and have all my files in it and I want to load them into my flash file, how can I do it?
View 7 RepliesAccording to the Adobe asdocs, Flex framework files are supposed to be able to be loaded at runtime. These localized framework files, the ones that exist at (on windows) C:Program Files (x86)AdobeAdobe Flash Builder 4.5sdks4.5.0frameworkslocale, are responsible for items such as button text on Alert Dialogs, and a host of other controls. My expectation is that once these framework files are loaded I would see these resources available in my Flex app.
I've set up my project as follows:
MyProject
-src
-Flex4.5
-Referenced Libraries
[code]....
Now the asdocs state that in order to do this, you have to set the compiler settings to read
-locale=en_US,da_DK,de_DE,es_ES,fi_FI,fr_FR,it_IT,ja_JP,ko_KR,nb_NO,nl_NL,pt_BR,ru_RU,sv_SE,zh_CN,zh_TW -allow-source-path-overlap=true -source-path=locale/{locale}
which I have done.My Build Path Libraries for Flex 4.5 - C:Program Files (x86)AdobeAdobe Flash Builder 4.5sdks4.5.0 are set to be Runtime Shared library (of note, the {locale} subfolder says "Merged into code")
But when I change the language in the browser, I'm not seeing any of the framework resources.Also, when I build my project, I don't see any indication of the locale-oriented resource files in the bin-release. Since we only deploy the contents of the bin-release folder (and not the entire project), how is this supposed to work?I am also seeing .swz files in my bin-release (and I know these arent the localized framework resources).
Does anyone have any experience with Runtime Framework Localization?? What am I doing wrong? My expectation is that once I build my project (with the framework resources externalized) that the app would be able to load those resources, but this isn't happening and I am not interested in compiling a different version of my app for all of the locales I support.
I've been trying to find the right configuration for supporting both http/s requests in a Flex app. I've read all the docs and they allude to doing something like the following:
<default-channels>
<channel ref="my-secure-amf">
<serialization>[code]..........
I'm running with Tomcat 5.5.17 and Java 5.The BlazeDS docs say this is the best practice. Is there a better way? With this config, there seems to be 2-3 retries associated with each channel defined in the default-channels element so it always takes ~20s before the my-amf channel connects via a http request. Is there a way to override the 2-3 retries to say, 1 retry for each channel?
I am developing a flex application with flex 4.1 sdk and java backend (runs on Glassfish 3.1 via http). For security reasons I decided to move my authentication process to https until a session id is obtained. Therefore I changed the filter settings to use ssl for login and logout pages(just two pages due to performance reasons. The data-size sent to client is large and I do not want to slow down the system). Glassfish forwarded these pages to 8181 port (which is HTTPS port). Everything is ok for the java part. However flex defines the 8181 port as a different domain and then problems arise. Due to flash's same-origin policy it cannot load the secured content. Normally a crossdomain.xml is the solution but I am accessing content of the same domain through a different port. What will be the solution ?
View 1 Replieswhat's the best and shortest way to get this information?
i've read about BrowserInvokeEvent which contains a boolean of the sort - [URL]
yet i havn't been able to implement it.