0

I'm using dropbox to distribute large swf files with corresponding html files that load the swfs. All the large swf files access a small "Key" swf in the same folder as the html file. That all works fine. But when the large swf files also try to access a remote text file on my server I get a security sandbox violation. After reading about this, I see that this is by design for security reasons.

But there has to be a way around this without having the user authorize the domain containing the txt file. The reason I say this is because the swf files are running right from the browser on the persons computer. I then thought about a cross domain policy. Not sure what it would look like since it's a local computer that's asking. I hope this makes sense. I was hoping I could put the cross domain policy (or some other file) on the users computer right along with the other files, but I don't think that's what they're for.

This is an update to the question above as my problems relate to crossdomain policy's. I'm showing a small snippet of code that is causing this error shown in Debug mode in the Flash IDE. The code eventually gets the txt file loaded, but is delayed due to the warning I believe and I'm wondering if this can be fixed? The delay is causing an issue.

Attempting to launch and connect to Player using URL C:\Users\Jeffrey\Dropbox\Photos\ABC\bopAnimationSales\testingGettingVariablesFromExternalSWF_simplestForm3.swf [SWF] C:\Users\Jeffrey\Dropbox\Photos\ABC\bopAnimationSales\testingGettingVariablesFromExternalSWF_simplestForm3.swf - 21834 bytes after decompression Warning: Domain www.postureviewer.com does not specify a meta-policy. Applying default meta-policy 'master-only'. This configuration is deprecated. See http://www.adobe.com/go/strict_policy_files to fix this problem.

Complete [UnloadSWF] C:\Users\Jeffrey\Dropbox\Photos\ABC\bopAnimationSales\testingGettingVariablesFromExternalSWF_simplestForm3.swf Debug session terminated.

Here's the code:

import flash.events.*;
import flash.net.URLRequest;
import flash.net.URLLoader;
import flash.system.Security;
//flash.system.Security.loadPolicyFile("http://www.postureviewer.com/trials/crossdomain.xml");

var urlRequest:URLRequest = new URLRequest("http://www.postureviewer.com/trials/jeffaberle.txt" + "?" + Math.random());  // + Math.random()
var urlLoader:URLLoader = new URLLoader();
urlLoader.addEventListener(Event.COMPLETE, completeHandler);
urlLoader.addEventListener(IOErrorEvent.IO_ERROR, ioErrorHandler);
urlLoader.load(urlRequest);

function completeHandler(e:Event):void {
    trace("Complete");
}
function ioErrorHandler(e:IOErrorEvent):void {
    trace("ioErrorHandlerJeff: " + e.toString());
    licenseKeyNotFoundScreen.visible = true;
}
docaberle
  • 49
  • 1
  • 2
  • 6

2 Answers2

0

To authorize your local swf file to access to a remote content ( a text file in your server in your case ), you don't need a crossdomain.xml file that

grants a web client—such as Adobe Flash Player, Adobe Reader, etc.—permission to handle data across multiple domains

So in your case, when using a local swf to get data from a remote location, you have just to add your swf to the list of trusted locations like I explained in my answer of this question.

Hope that can help.

Community
  • 1
  • 1
akmozo
  • 9,829
  • 3
  • 28
  • 44
0

You can load a cross domain policy from an arbitrary location via "loadPolicyFile"

I would recommend hosting it at the same location as the remote text file to keep things simple, i.e.

http://www.example.com/clients/clientfile.txt
http://www.example.com/clients/crossdomain.xml

Then in the 'big' SWF, import the Flash Security package if you are not using it already:

import flash.system.Security;

Then before making any calls remote calls to load data content from your local based SWF, call loadPolicyFile:

flash.system.Security.loadPolicyFile("http://www.example.com/clients/crossdomain.xml");

Then you will be able to call URLRequest, etc... without any issues:

urlRequest = new URLRequest("http://www.example.com/clients/clientfile.txt");

Your crossdomain.xml should look like this:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.example.com/clients"/>
</cross-domain-policy>

PS: An online cross domain generator is @ http://www.crossdomainmaker.com Helps prevent typos and that painful head scratching when yours does not work... ;-)

PSS: Personally for local SWFs, I prefer AIR packaging as it eliminates the cross-domain issues, no browser is required, etc... Only one file that contains all your other SWFs as resources that can be deploy as an '.air' file or via a native Windows installer (exe) or OS-X dmg and .app installer.

SushiHangover
  • 73,120
  • 10
  • 106
  • 165
  • Still getting a Sandbox violation. The idea of akmozo below works. I had already tried that idea, but believe it or not, that is too complicated a procedure for the doctors I'm working with. I've since gone with not needing the local swf file and just making my swf file be able to access the network in the Publish Options. Your suggestions above I followed perfectly, but couldn't avoid the sandbox error. – docaberle Sep 29 '15 at 23:15
  • Strange that that did not work, used that technique many times...but glad you got it working. Fully understand getting anyone, not just doctors, to open Flash global settings to add a domain to be trusted, it works, but... ;-) – SushiHangover Sep 29 '15 at 23:57