[Flashcoders] Security Sandbox Violation

Shane Higgins Fri, 07 Sep 2007 14:07:27 -0700

Can anyone help me with a Security Sandbox Violation that I can't seem to
figure out?  I'm testing using Flash Player 8 Debug version (IE7 ActiveX and
Firefox 2.0.0.6 plugin).  I'm trying to load a remote swf
(http://xyz.a.server2.net/datadir/data.swf) from a web-hosted swf
(http://www.server1.com/test/app.swf).


Here's where I'm at:

- I added System.security.allowDomain("xyz.a.server2.net") to app.swf.
- I added System.security.allowDomain("www.server1.com") to data.swf.
- I created a cross-domain policy file (crossdomain_1.xml) and uploaded it
to http://www.server1.com (root dir) with this entry: <allow-access-from
domain="*.server2.net" />
- I created a cross-domain policy file (crossdomain_2.xml) and uploaded it
to http://xyz.a.server2.net/datadir (I don't have access to the root of this
server) with this entry: <allow-access-from domain="www.server1.com" />
- I added
System.security.loadPolicyFile("http://xyz.a.server2.net/datadir/crossdomain
_2.xml") to app.swf.
- I added
System.security.loadPolicyFile("http://www.server1.com/crossdomain_1.xml";)
to data.swf.
- Then, in app.swf, I attempt to load data.swf using
loadMovie("http://xyz.a.server2.net/datadir/data.swf";, target_mc)
- I publish app.swf for Player 8, AS2, and upload it to
http://www.server1.com/test.
- I publish data.swf for Player 8, AS2, and upload it to
http://xyz.a.server2.net/datadir.

Here's what I get in flashlog.txt when I test it using IE7:

*** Security Sandbox Violation ***
SecurityDomain 'http://www.server1.com/test/' tried to access incompatible
context 'http://xyz.a.server2.net/datadir/crossdomain_2.xml'

Here's what I get when using Firefox:

*** Security Sandbox Violation ***
SecurityDomain 'http://www.server1.com/test/app.swf' tried to access
incompatible context 'http://xyz.a.server2.net/datadir/crossdomain_2.xml'

FWIW, in my testing, I found that if I publish data.swf for Player 5, the
error goes away in IE 7, but not in Firefox.

What am I missing?  I would think this should be pretty simple, as my code
is pretty basic (ie, data.swf doesn't do anything right now, other than
System.security.allowDomain and System.security.loadPolicyFile).

Thanks,
Shane

_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com

[Flashcoders] Security Sandbox Violation

Reply via email to