How could I use relative URLs when I am purposely loading from a different domain. Again, I need to run the Application SWF from the filesystem and load the module from http://localhost (or some other domain).
As far as setting the SecurityDomain.currentDomain, I have tried doing that, only to get this error: SecurityError: Error #2142: Security sandbox violation: local SWF files cannot use the LoaderContext.securityDomain property. file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf was attempting to load http://localhost/SimpleModuleProject.swf. at flash.display::Loader/_load() at flash.display::Loader/load() at ModuleInfo/load()[E:\dev\3.1.0\frameworks\projects\framework\src\mx\modules\ModuleManager.as:431] at ModuleInfoProxy/load()[E:\dev\3.1.0\frameworks\projects\framework\src\mx\modules\ModuleManager.as:986] --- In flexcoders@yahoogroups.com, Alex Harui <aha...@...> wrote: > > Typically, you want to test in local-trusted instead of local-with-networking and use relative paths to all assets (and have those assets in the local filesystem). Then when you deploy those files to a server in the same folder configuration, everything should just work. > > If you use an absolute path, then in local-trusted it is seen as a foreign domain, and by default modules will not work unless you set the SecurityDomain.currentDomain on the module loader. However, that will still set up a different "topology of trust" than when you deploy and the loading app is on the same server as the module. > > So, only use absolute paths if you'll always be loading the module from a different domain. There might be issues using SecurityDomain.currentDomain in local-trusted sandboxes. You can sometimes get yourself into configurations that can only be tested while deployed and served over http: > > From: flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] On Behalf Of hughesmatt78 > Sent: Monday, December 15, 2008 7:33 AM > To: flexcoders@yahoogroups.com > Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module > > > My sandbox type is local-trusted. According to the Flash Security > white paper, local-trusted has *at least* the priviledges of > local-with-networking. > > "localWithNetwork: This SWF file is a local file and has not been > trusted by the user, but it was > published with a networking designation. This SWF may communicate with > the Internet but may not > read from local data sources. > localTrusted: This SWF file is a local file and has been trusted by > the user, using either the > Settings Manager or a FlashPlayerTrust configuration file. This SWF > file may both read from local > data sources and communicate with the Internet. > " > > I did change it to local-with-networking, but I get the same error: > > Finished loading crossdomain. > <?xml version="1.0"?> > <cross-domain-policy> > <allow-access-from domain="*" /> > </cross-domain-policy> > > [SWF] /SimpleModuleProject.swf - 574,981 bytes after decompression > *** Security Sandbox Violation *** > SecurityDomain > 'file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf<file:///\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf>' > tried to access incompatible context 'http://localhost/crossdomain.xml' > *** Security Sandbox Violation *** > SecurityDomain > 'file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf<file:///\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf>' > tried to access incompatible context 'http://localhost/crossdomain.xml' > Failed to load module > SWF is not a loadable module > > Any ideas? > > --- In flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com>, Alex Harui <aharui@> wrote: > > > > Check your sandboxType. I'll bet it is local-trusted and not > local-with-networking. > > > > From: flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com> [mailto:flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com>] > On Behalf Of hughesmatt78 > > Sent: Saturday, December 13, 2008 11:33 AM > > To: flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com> > > Subject: [flexcoders] Loading network SWFs from SWF hosted on > filesystem (SWF is not a loadable module > > > > > > I'm trying so far in vain to load a module from a network domain from > > a SWF that was loaded via the filesystem. Every time I try and load > > the module, I get the following error: > > > > "SWF is not a loadable module." > > > > I have seen this same problem discussed elsewhere on FlexCoders and > > other blogs but I am getting very conflicting views. Some people say > > this kind of module loading is not supported > > (http://www.nabble.com/Problems-using-Flex-modules-td15188446.html) > > but the Adobe Flash Player 9 Security white paper clearly indicate it > > is possible: > > > > "A SWF file may also call Security.allowDomain() with the wildcard > > parameter "*" to allow any domain. > > This is necessary to allow a local-with-networking SWF file to > > cross-script a network SWF file." > > > > Anyway, off to the example project I created. Here are two very basic > > mxmls. > > > > TestApplication.mxml -- (loaded via file system, this attempts to load > > a simple module hosted at localhost) > > <?xml version="1.0" encoding="utf-8"?> > > <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml"; > > layout="vertical" initialize="init()"> > > <mx:Script> > > <![CDATA[ > > import mx.events.ModuleEvent; > > private function init() : void > > { > > Security.allowDomain("localhost"); > > > > Security.loadPolicyFile("http://localhost/crossdomain.xml";); > > > > var loader:URLLoader = new URLLoader(); > > loader.addEventListener(Event.COMPLETE, function(event > > : Event) { > > trace("Finished loading crossdomain."); > > trace(loader.data); > > }); > > loader.load(new > > URLRequest("http://localhost/crossdomain.xml";)); > > } > > > > private function erroredOut(event : ModuleEvent) : void > > { > > trace(event.errorText); > > } > > > > private function loadIt() : void > > { > > loaderOfModules.url = "http://localhost/SimpleModule.swf";; > > } > > ]]> > > </mx:Script> > > > > <mx:Button click="loadIt()" label="Load module from localhost" /> > > > > <!-- Sandbox type reads local-trusted --> > > <mx:Text text="{Security.sandboxType}" /> > > <mx:ModuleLoader id="loaderOfModules" width="100%" height="500" > > error="erroredOut(event)" > > applicationDomain="{ApplicationDomain.currentDomain}"/> > > </mx:Application> > > > > SimpleModule.mxml (the module hosted at localhost) > > <?xml version="1.0" encoding="utf-8"?> > > <mx:Module xmlns:mx="http://www.adobe.com/2006/mxml"; > > initialize="Security.allowDomain('*')" > > > <mx:Text text="Hi there" /> > > </mx:Module> > > > > And the crossdomain.xml file hosted at localhost. (Although according > > to some Adobe docs, this file is not even needed to do crossscripting, > > only for loading data.) > > <?xml version="1.0"?> > > <cross-domain-policy> > > <allow-access-from domain="*" /> > > </cross-domain-policy> > > > > Note that I can get this example to work fine if I host the > > Application SWF from one network domain and load the module from > > another network domain without changing a thing. I only get the error > > when the loading SWF is hosted on the filesystem. Also note that the > > Application.swf is in a folder designated as locally trusted and I > > confirm this by looking at the Security.sandboxType variable at runtime. > > > > I am using Flex 3 and running this with Flash Player 9 debugger version. > > > > So my questions are: > > > > * Is this scenario even supported? If not, what's with the > > documentation I quoted from Adobe above? If yes, what am I missing? > > * And do crossdomain.xml files even used when doing crossscripting? > > Or are they just often conflated with module loading because you often > > load modules and data from the same server? > > >
