[flexcoders] Re: Security issue in crossscripting
Thanks again Alex. -Ahmed --- In flexcoders@yahoogroups.com, Alex Harui [EMAIL PROTECTED] wrote: It isn't a FlashPlayer issue as much as a Flex Framework issue. It is not in 3.0, but may show up in 3.x or 4.0, but no guarantees From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Muhammad Ahmed Ullah Sent: Thursday, January 10, 2008 3:42 AM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: Security issue in crossscripting Thanks Alex for the info. Can we expect this support will come with flash-10 or when? --- In flexcoders@yahoogroups.com mailto:flexcoders%40yahoogroups.com , Alex Harui aharui@ wrote: Flex does not currently support cross-domain sub-apps From: flexcoders@yahoogroups.com mailto:flexcoders%40yahoogroups.com [mailto:flexcoders@yahoogroups.com mailto:flexcoders%40yahoogroups.com ] On Behalf Of Muhammad Ahmed Ullah Sent: Wednesday, January 09, 2008 3:46 AM To: flexcoders@yahoogroups.com mailto:flexcoders%40yahoogroups.com Subject: [flexcoders] Security issue in crossscripting Hello, When loading a SWF file (inner.swf) within a SWF file (outer.swf) through Loader's object, I'm getting the following error message: SecurityError: Error #2047: Security sandbox violation: parent: http://192.168.0.20/wid/inner.swf http://192.168.0.20/wid/inner.swf http://192.168.0.20/wid/inner.swf http://192.168.0.20/wid/inner.swf cannot access http://192.168.0.18:81/Any/container/outer.swf. http://192.168.0.18:81/Any/container/outer.swf. http://192.168.0.18:81/Any/container/outer.swf. http://192.168.0.18:81/Any/container/outer.swf. at flash.display::DisplayObject/get parent() at mx.managers::SystemManager/executeCallbacks()[E:\dev\flex_3_beta3\sdk\fr ameworks\projects\framework\src\mx\managers\SystemManager.as:1518] at mx.managers::SystemManager/docFrameHandler()[E:\dev\flex_3_beta3\sdk\fra meworks\projects\framework\src\mx\managers\SystemManager.as:2311] Both files are placed on different domains. On the server of inner.swf file, crossdomain.xml exists with the * permission. In the initialize event handler of inner.swf file, Security.allowDomain(*) also exists. If I write Security.allowDomain(*) in outer.swf file, before loading the inner.swf, then this error gets solved. But my question is, Why is it necessary to use allowDomain() in the outer.swf file, as I don't want to allow inner.swf file to access outer.swf file? or How can I solve this error without using the allowDomain() in outer.swf file? Thanks, Ahmed
[flexcoders] Re: Security issue in crossscripting
Thanks Alex for the info. Can we expect this support will come with flash-10 or when? --- In flexcoders@yahoogroups.com, Alex Harui [EMAIL PROTECTED] wrote: Flex does not currently support cross-domain sub-apps From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Muhammad Ahmed Ullah Sent: Wednesday, January 09, 2008 3:46 AM To: flexcoders@yahoogroups.com Subject: [flexcoders] Security issue in crossscripting Hello, When loading a SWF file (inner.swf) within a SWF file (outer.swf) through Loader's object, I'm getting the following error message: SecurityError: Error #2047: Security sandbox violation: parent: http://192.168.0.20/wid/inner.swf http://192.168.0.20/wid/inner.swf cannot access http://192.168.0.18:81/Any/container/outer.swf. http://192.168.0.18:81/Any/container/outer.swf. at flash.display::DisplayObject/get parent() at mx.managers::SystemManager/executeCallbacks()[E:\dev\flex_3_beta3\sdk\fr ameworks\projects\framework\src\mx\managers\SystemManager.as:1518] at mx.managers::SystemManager/docFrameHandler()[E:\dev\flex_3_beta3\sdk\fra meworks\projects\framework\src\mx\managers\SystemManager.as:2311] Both files are placed on different domains. On the server of inner.swf file, crossdomain.xml exists with the * permission. In the initialize event handler of inner.swf file, Security.allowDomain(*) also exists. If I write Security.allowDomain(*) in outer.swf file, before loading the inner.swf, then this error gets solved. But my question is, Why is it necessary to use allowDomain() in the outer.swf file, as I don't want to allow inner.swf file to access outer.swf file? or How can I solve this error without using the allowDomain() in outer.swf file? Thanks, Ahmed
RE: [flexcoders] Re: Security issue in crossscripting
It isn't a FlashPlayer issue as much as a Flex Framework issue. It is not in 3.0, but may show up in 3.x or 4.0, but no guarantees From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Muhammad Ahmed Ullah Sent: Thursday, January 10, 2008 3:42 AM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: Security issue in crossscripting Thanks Alex for the info. Can we expect this support will come with flash-10 or when? --- In flexcoders@yahoogroups.com mailto:flexcoders%40yahoogroups.com , Alex Harui [EMAIL PROTECTED] wrote: Flex does not currently support cross-domain sub-apps From: flexcoders@yahoogroups.com mailto:flexcoders%40yahoogroups.com [mailto:flexcoders@yahoogroups.com mailto:flexcoders%40yahoogroups.com ] On Behalf Of Muhammad Ahmed Ullah Sent: Wednesday, January 09, 2008 3:46 AM To: flexcoders@yahoogroups.com mailto:flexcoders%40yahoogroups.com Subject: [flexcoders] Security issue in crossscripting Hello, When loading a SWF file (inner.swf) within a SWF file (outer.swf) through Loader's object, I'm getting the following error message: SecurityError: Error #2047: Security sandbox violation: parent: http://192.168.0.20/wid/inner.swf http://192.168.0.20/wid/inner.swf http://192.168.0.20/wid/inner.swf http://192.168.0.20/wid/inner.swf cannot access http://192.168.0.18:81/Any/container/outer.swf. http://192.168.0.18:81/Any/container/outer.swf. http://192.168.0.18:81/Any/container/outer.swf. http://192.168.0.18:81/Any/container/outer.swf. at flash.display::DisplayObject/get parent() at mx.managers::SystemManager/executeCallbacks()[E:\dev\flex_3_beta3\sdk\fr ameworks\projects\framework\src\mx\managers\SystemManager.as:1518] at mx.managers::SystemManager/docFrameHandler()[E:\dev\flex_3_beta3\sdk\fra meworks\projects\framework\src\mx\managers\SystemManager.as:2311] Both files are placed on different domains. On the server of inner.swf file, crossdomain.xml exists with the * permission. In the initialize event handler of inner.swf file, Security.allowDomain(*) also exists. If I write Security.allowDomain(*) in outer.swf file, before loading the inner.swf, then this error gets solved. But my question is, Why is it necessary to use allowDomain() in the outer.swf file, as I don't want to allow inner.swf file to access outer.swf file? or How can I solve this error without using the allowDomain() in outer.swf file? Thanks, Ahmed