RE: [flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module
Modules are a Flex thing and require applicationdomain sharing, so loading a swf directly from the internet into a local sandbox won't work. Folks run into this snag on AiR all the time and have used URLLoader to load the SWF as a ByteArray and then use loadBytes to load the Module. Flex 3.2 ModuleManager added a loadbytes() API. However, the security model for the loadbytes'd SWF may vary from what you'll get when deployed so it isn't clear to me that doing this will actually save developer productivity. I'll make one last pitch for loading the SWF via http:. It isn't clear to me why you can't do that, and if you get that working, you'll be testing in the final security environment. For us it doesn't require copying the SWF to a remote server, we just run a web-server for http://localhost If you don't need modules and want to use sub-applications, Flex 3.2 implements the Marshal Plan which allows untrusted sub-applications to work with Flex so you could load an untrusted SWF directly from the internet. See the opensource documentation and my blog for info about Marshal Plan and its limitations (nothing is free). From: flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] On Behalf Of hughesmatt78 Sent: Sunday, December 21, 2008 3:44 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module I appreciate that we aren't replicating the true production environment and I'm actually trying to figure out a way to do testing from the server while maintaining developer productivity, but the question remains: Does Flash player allow a Application SWF hosted by the filesystem load a module hosted over HTTP? If so, what needs to be changed with my very basic example code in the original message? --- In flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com>, Alex Harui wrote: > > Our automated testing harness launches the app in a browser at http://localhost:/foo.html so it runs in the deployed security environment. Otherwise, we always find surprises when we finally do deploy. If your final config is to deploy over http, I would find a way to do that from your harness. > > From: flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com> > [mailto:flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com>] On Behalf Of hughesmatt78 > Sent: Saturday, December 20, 2008 6:11 AM > To: flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com> > Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module > > > I understand it's not a common configuration and I don't plan on > deploying my modules like this. The reason I want a local Application > SWF to load a remote module SWF is because I need to run my > integration tests on my local machine. The tests run against the web > application that serves the module SWFs. However, even though they > are both on my machine, the Application SWF loads from the filesystem, > whereas the modules are loaded from http://localhost. > > So to recap, I've tried running with localTrusted, > localWithNetworking. I have the most permissive crossdomain.xml on > the server where the modules live. I've tried several different > permutations of setting the ApplicationDomain. I've even tried > setting the SecurityDomain as I said in my previous post though > apparently a local SWF is just not allowed to do that. > > I did see something very briefly mentioned in the Adobe Flash Player > docs about setting DisableLocalSecurity/EnableLocalSecurity API calls > but I believe those are API calls of the player, not of the SDK and I > haven't figured out how I could call those methods on the plugin in > Firefox. > > Any other ideas? The Adobe docs really do indicate that this > configuration is possible yet I have yet to see anywhere where someone > has got this working. Am I chasing something that can't be done? Are > the docs wrong (see my initial post in this thread)? > > --- In flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com>, Alex Harui wrote: > > > > I was unclear you needed to load from different domains. I don't > know how you would get your current configuration to work when > deployed over HTTP unless the module and main swf were on the same > domain, and in such a case, relative URLs would be better. > > > > I think you are caught in one of those scenarios I described. In > order to use cross-domain modules, you need to set > SecurityDomain.currentDomain and thus can only test when deployed over > HTTP. For security reasons, cross-domain modules is not a comm
[flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module
I appreciate that we aren't replicating the true production environment and I'm actually trying to figure out a way to do testing from the server while maintaining developer productivity, but the question remains: Does Flash player allow a Application SWF hosted by the filesystem load a module hosted over HTTP? If so, what needs to be changed with my very basic example code in the original message? --- In flexcoders@yahoogroups.com, Alex Harui wrote: > > Our automated testing harness launches the app in a browser at http://localhost:/foo.html so it runs in the deployed security environment. Otherwise, we always find surprises when we finally do deploy. If your final config is to deploy over http, I would find a way to do that from your harness. > > From: flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] On Behalf Of hughesmatt78 > Sent: Saturday, December 20, 2008 6:11 AM > To: flexcoders@yahoogroups.com > Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module > > > I understand it's not a common configuration and I don't plan on > deploying my modules like this. The reason I want a local Application > SWF to load a remote module SWF is because I need to run my > integration tests on my local machine. The tests run against the web > application that serves the module SWFs. However, even though they > are both on my machine, the Application SWF loads from the filesystem, > whereas the modules are loaded from http://localhost. > > So to recap, I've tried running with localTrusted, > localWithNetworking. I have the most permissive crossdomain.xml on > the server where the modules live. I've tried several different > permutations of setting the ApplicationDomain. I've even tried > setting the SecurityDomain as I said in my previous post though > apparently a local SWF is just not allowed to do that. > > I did see something very briefly mentioned in the Adobe Flash Player > docs about setting DisableLocalSecurity/EnableLocalSecurity API calls > but I believe those are API calls of the player, not of the SDK and I > haven't figured out how I could call those methods on the plugin in > Firefox. > > Any other ideas? The Adobe docs really do indicate that this > configuration is possible yet I have yet to see anywhere where someone > has got this working. Am I chasing something that can't be done? Are > the docs wrong (see my initial post in this thread)? > > --- In flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com>, Alex Harui wrote: > > > > I was unclear you needed to load from different domains. I don't > know how you would get your current configuration to work when > deployed over HTTP unless the module and main swf were on the same > domain, and in such a case, relative URLs would be better. > > > > I think you are caught in one of those scenarios I described. In > order to use cross-domain modules, you need to set > SecurityDomain.currentDomain and thus can only test when deployed over > HTTP. For security reasons, cross-domain modules is not a common > configuration. > > > > From: flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com> [mailto:flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com>] > On Behalf Of hughesmatt78 > > Sent: Monday, December 15, 2008 11:59 AM > > To: flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com> > > Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on > filesystem (SWF is not a loadable module > > > > > > How could I use relative URLs when I am purposely loading from a > > different domain. Again, I need to run the Application SWF from the > > filesystem and load the module from http://localhost (or some other > > domain). > > > > As far as setting the SecurityDomain.currentDomain, I have tried doing > > that, only to get this error: > > > > SecurityError: Error #2142: Security sandbox violation: local SWF > > files cannot use the LoaderContext.securityDomain property. > > > file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf> > > was attempting to load http://localhost/SimpleModuleProject.swf. > > at flash.display::Loader/_load() > > at flash.display::Loader/load() > > at > > > ModuleInfo/load()[E:\dev\3.1.0\frameworks\projects\framework\src\mx\modules\ModuleManager.as:431] > > at > > > ModuleInfoProxy/load()[E:\dev\3.1.0\frameworks\projects\framework\src\mx\modules\ModuleManager.as:986] > > > > --- In &g
RE: [flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module
Our automated testing harness launches the app in a browser at http://localhost:/foo.html so it runs in the deployed security environment. Otherwise, we always find surprises when we finally do deploy. If your final config is to deploy over http, I would find a way to do that from your harness. From: flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] On Behalf Of hughesmatt78 Sent: Saturday, December 20, 2008 6:11 AM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module I understand it's not a common configuration and I don't plan on deploying my modules like this. The reason I want a local Application SWF to load a remote module SWF is because I need to run my integration tests on my local machine. The tests run against the web application that serves the module SWFs. However, even though they are both on my machine, the Application SWF loads from the filesystem, whereas the modules are loaded from http://localhost. So to recap, I've tried running with localTrusted, localWithNetworking. I have the most permissive crossdomain.xml on the server where the modules live. I've tried several different permutations of setting the ApplicationDomain. I've even tried setting the SecurityDomain as I said in my previous post though apparently a local SWF is just not allowed to do that. I did see something very briefly mentioned in the Adobe Flash Player docs about setting DisableLocalSecurity/EnableLocalSecurity API calls but I believe those are API calls of the player, not of the SDK and I haven't figured out how I could call those methods on the plugin in Firefox. Any other ideas? The Adobe docs really do indicate that this configuration is possible yet I have yet to see anywhere where someone has got this working. Am I chasing something that can't be done? Are the docs wrong (see my initial post in this thread)? --- In flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com>, Alex Harui wrote: > > I was unclear you needed to load from different domains. I don't know how you would get your current configuration to work when deployed over HTTP unless the module and main swf were on the same domain, and in such a case, relative URLs would be better. > > I think you are caught in one of those scenarios I described. In order to use cross-domain modules, you need to set SecurityDomain.currentDomain and thus can only test when deployed over HTTP. For security reasons, cross-domain modules is not a common configuration. > > From: flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com> > [mailto:flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com>] On Behalf Of hughesmatt78 > Sent: Monday, December 15, 2008 11:59 AM > To: flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com> > Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module > > > How could I use relative URLs when I am purposely loading from a > different domain. Again, I need to run the Application SWF from the > filesystem and load the module from http://localhost (or some other > domain). > > As far as setting the SecurityDomain.currentDomain, I have tried doing > that, only to get this error: > > SecurityError: Error #2142: Security sandbox violation: local SWF > files cannot use the LoaderContext.securityDomain property. > file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf> > was attempting to load http://localhost/SimpleModuleProject.swf. > at flash.display::Loader/_load() > at flash.display::Loader/load() > at > ModuleInfo/load()[E:\dev\3.1.0\frameworks\projects\framework\src\mx\modules\ModuleManager.as:431] > at > ModuleInfoProxy/load()[E:\dev\3.1.0\frameworks\projects\framework\src\mx\modules\ModuleManager.as:986] > > --- In flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com>, Alex Harui wrote: > > > > Typically, you want to test in local-trusted instead of > local-with-networking and use relative paths to all assets (and have > those assets in the local filesystem). Then when you deploy those > files to a server in the same folder configuration, everything should > just work. > > > > If you use an absolute path, then in local-trusted it is seen as a > foreign domain, and by default modules will not work unless you set > the SecurityDomain.currentDomain on the module loader. However, that > will still set up a different "topology of trust" than when you deploy > and the loading app is on the same server as the module. > > > > So, o
[flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module
I understand it's not a common configuration and I don't plan on deploying my modules like this. The reason I want a local Application SWF to load a remote module SWF is because I need to run my integration tests on my local machine. The tests run against the web application that serves the module SWFs. However, even though they are both on my machine, the Application SWF loads from the filesystem, whereas the modules are loaded from http://localhost. So to recap, I've tried running with localTrusted, localWithNetworking. I have the most permissive crossdomain.xml on the server where the modules live. I've tried several different permutations of setting the ApplicationDomain. I've even tried setting the SecurityDomain as I said in my previous post though apparently a local SWF is just not allowed to do that. I did see something very briefly mentioned in the Adobe Flash Player docs about setting DisableLocalSecurity/EnableLocalSecurity API calls but I believe those are API calls of the player, not of the SDK and I haven't figured out how I could call those methods on the plugin in Firefox. Any other ideas? The Adobe docs really do indicate that this configuration is possible yet I have yet to see anywhere where someone has got this working. Am I chasing something that can't be done? Are the docs wrong (see my initial post in this thread)? --- In flexcoders@yahoogroups.com, Alex Harui wrote: > > I was unclear you needed to load from different domains. I don't know how you would get your current configuration to work when deployed over HTTP unless the module and main swf were on the same domain, and in such a case, relative URLs would be better. > > I think you are caught in one of those scenarios I described. In order to use cross-domain modules, you need to set SecurityDomain.currentDomain and thus can only test when deployed over HTTP. For security reasons, cross-domain modules is not a common configuration. > > From: flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] On Behalf Of hughesmatt78 > Sent: Monday, December 15, 2008 11:59 AM > To: flexcoders@yahoogroups.com > Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module > > > How could I use relative URLs when I am purposely loading from a > different domain. Again, I need to run the Application SWF from the > filesystem and load the module from http://localhost (or some other > domain). > > As far as setting the SecurityDomain.currentDomain, I have tried doing > that, only to get this error: > > SecurityError: Error #2142: Security sandbox violation: local SWF > files cannot use the LoaderContext.securityDomain property. > file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf > was attempting to load http://localhost/SimpleModuleProject.swf. > at flash.display::Loader/_load() > at flash.display::Loader/load() > at > ModuleInfo/load()[E:\dev\3.1.0\frameworks\projects\framework\src\mx\modules\ModuleManager.as:431] > at > ModuleInfoProxy/load()[E:\dev\3.1.0\frameworks\projects\framework\src\mx\modules\ModuleManager.as:986] > > --- In flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com>, Alex Harui wrote: > > > > Typically, you want to test in local-trusted instead of > local-with-networking and use relative paths to all assets (and have > those assets in the local filesystem). Then when you deploy those > files to a server in the same folder configuration, everything should > just work. > > > > If you use an absolute path, then in local-trusted it is seen as a > foreign domain, and by default modules will not work unless you set > the SecurityDomain.currentDomain on the module loader. However, that > will still set up a different "topology of trust" than when you deploy > and the loading app is on the same server as the module. > > > > So, only use absolute paths if you'll always be loading the module > from a different domain. There might be issues using > SecurityDomain.currentDomain in local-trusted sandboxes. You can > sometimes get yourself into configurations that can only be tested > while deployed and served over http: > > > > From: flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com> [mailto:flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com>] > On Behalf Of hughesmatt78 > > Sent: Monday, December 15, 2008 7:33 AM > > To: flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com> > > Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on > filesystem (SWF is not a loadable module > > > > > > My sandbox type is local-trusted. According to the Flash Security > > white
RE: [flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module
I was unclear you needed to load from different domains. I don't know how you would get your current configuration to work when deployed over HTTP unless the module and main swf were on the same domain, and in such a case, relative URLs would be better. I think you are caught in one of those scenarios I described. In order to use cross-domain modules, you need to set SecurityDomain.currentDomain and thus can only test when deployed over HTTP. For security reasons, cross-domain modules is not a common configuration. From: flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] On Behalf Of hughesmatt78 Sent: Monday, December 15, 2008 11:59 AM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module How could I use relative URLs when I am purposely loading from a different domain. Again, I need to run the Application SWF from the filesystem and load the module from http://localhost (or some other domain). As far as setting the SecurityDomain.currentDomain, I have tried doing that, only to get this error: SecurityError: Error #2142: Security sandbox violation: local SWF files cannot use the LoaderContext.securityDomain property. file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf was attempting to load http://localhost/SimpleModuleProject.swf. at flash.display::Loader/_load() at flash.display::Loader/load() at ModuleInfo/load()[E:\dev\3.1.0\frameworks\projects\framework\src\mx\modules\ModuleManager.as:431] at ModuleInfoProxy/load()[E:\dev\3.1.0\frameworks\projects\framework\src\mx\modules\ModuleManager.as:986] --- In flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com>, Alex Harui wrote: > > Typically, you want to test in local-trusted instead of local-with-networking and use relative paths to all assets (and have those assets in the local filesystem). Then when you deploy those files to a server in the same folder configuration, everything should just work. > > If you use an absolute path, then in local-trusted it is seen as a foreign domain, and by default modules will not work unless you set the SecurityDomain.currentDomain on the module loader. However, that will still set up a different "topology of trust" than when you deploy and the loading app is on the same server as the module. > > So, only use absolute paths if you'll always be loading the module from a different domain. There might be issues using SecurityDomain.currentDomain in local-trusted sandboxes. You can sometimes get yourself into configurations that can only be tested while deployed and served over http: > > From: flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com> > [mailto:flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com>] On Behalf Of hughesmatt78 > Sent: Monday, December 15, 2008 7:33 AM > To: flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com> > Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module > > > My sandbox type is local-trusted. According to the Flash Security > white paper, local-trusted has *at least* the priviledges of > local-with-networking. > > "localWithNetwork: This SWF file is a local file and has not been > trusted by the user, but it was > published with a networking designation. This SWF may communicate with > the Internet but may not > read from local data sources. > localTrusted: This SWF file is a local file and has been trusted by > the user, using either the > Settings Manager or a FlashPlayerTrust configuration file. This SWF > file may both read from local > data sources and communicate with the Internet. > " > > I did change it to local-with-networking, but I get the same error: > > Finished loading crossdomain. > > > > > > [SWF] /SimpleModuleProject.swf - 574,981 bytes after decompression > *** Security Sandbox Violation *** > SecurityDomain > 'file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf>' > tried to access incompatible context 'http://localhost/crossdomain.xml' > *** Security Sandbox Violation *** > SecurityDomain > 'file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf>' > tried to access incompatible context 'http://localhost/crossdomain.xml' > Failed to load module > SWF is not a loadable module > > Any ideas? > > --- In flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.c
[flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module
How could I use relative URLs when I am purposely loading from a different domain. Again, I need to run the Application SWF from the filesystem and load the module from http://localhost (or some other domain). As far as setting the SecurityDomain.currentDomain, I have tried doing that, only to get this error: SecurityError: Error #2142: Security sandbox violation: local SWF files cannot use the LoaderContext.securityDomain property. file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf was attempting to load http://localhost/SimpleModuleProject.swf. at flash.display::Loader/_load() at flash.display::Loader/load() at ModuleInfo/load()[E:\dev\3.1.0\frameworks\projects\framework\src\mx\modules\ModuleManager.as:431] at ModuleInfoProxy/load()[E:\dev\3.1.0\frameworks\projects\framework\src\mx\modules\ModuleManager.as:986] --- In flexcoders@yahoogroups.com, Alex Harui wrote: > > Typically, you want to test in local-trusted instead of local-with-networking and use relative paths to all assets (and have those assets in the local filesystem). Then when you deploy those files to a server in the same folder configuration, everything should just work. > > If you use an absolute path, then in local-trusted it is seen as a foreign domain, and by default modules will not work unless you set the SecurityDomain.currentDomain on the module loader. However, that will still set up a different "topology of trust" than when you deploy and the loading app is on the same server as the module. > > So, only use absolute paths if you'll always be loading the module from a different domain. There might be issues using SecurityDomain.currentDomain in local-trusted sandboxes. You can sometimes get yourself into configurations that can only be tested while deployed and served over http: > > From: flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] On Behalf Of hughesmatt78 > Sent: Monday, December 15, 2008 7:33 AM > To: flexcoders@yahoogroups.com > Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module > > > My sandbox type is local-trusted. According to the Flash Security > white paper, local-trusted has *at least* the priviledges of > local-with-networking. > > "localWithNetwork: This SWF file is a local file and has not been > trusted by the user, but it was > published with a networking designation. This SWF may communicate with > the Internet but may not > read from local data sources. > localTrusted: This SWF file is a local file and has been trusted by > the user, using either the > Settings Manager or a FlashPlayerTrust configuration file. This SWF > file may both read from local > data sources and communicate with the Internet. > " > > I did change it to local-with-networking, but I get the same error: > > Finished loading crossdomain. > > > > > > [SWF] /SimpleModuleProject.swf - 574,981 bytes after decompression > *** Security Sandbox Violation *** > SecurityDomain > 'file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf' > tried to access incompatible context 'http://localhost/crossdomain.xml' > *** Security Sandbox Violation *** > SecurityDomain > 'file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf' > tried to access incompatible context 'http://localhost/crossdomain.xml' > Failed to load module > SWF is not a loadable module > > Any ideas? > > --- In flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com>, Alex Harui wrote: > > > > Check your sandboxType. I'll bet it is local-trusted and not > local-with-networking. > > > > From: flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com> [mailto:flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com>] > On Behalf Of hughesmatt78 > > Sent: Saturday, December 13, 2008 11:33 AM > > To: flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com> > > Subject: [flexcoders] Loading network SWFs from SWF hosted on > filesystem (SWF is not a loadable module > > > > > > I'm trying so far in vain to load a module from a network domain from > > a SWF that was loaded via the filesystem. Every time I try and load > > the module, I get the following error: > > > > "SWF is not a loadable module." > > > > I have seen this same problem discussed elsewhere on FlexCoders and > > other blogs but I am getting very conflicting views. Some people say > > this kind of module loading is not supported > > (http://www.nabble.com/Problems-using-Flex
RE: [flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module
Typically, you want to test in local-trusted instead of local-with-networking and use relative paths to all assets (and have those assets in the local filesystem). Then when you deploy those files to a server in the same folder configuration, everything should just work. If you use an absolute path, then in local-trusted it is seen as a foreign domain, and by default modules will not work unless you set the SecurityDomain.currentDomain on the module loader. However, that will still set up a different "topology of trust" than when you deploy and the loading app is on the same server as the module. So, only use absolute paths if you'll always be loading the module from a different domain. There might be issues using SecurityDomain.currentDomain in local-trusted sandboxes. You can sometimes get yourself into configurations that can only be tested while deployed and served over http: From: flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] On Behalf Of hughesmatt78 Sent: Monday, December 15, 2008 7:33 AM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module My sandbox type is local-trusted. According to the Flash Security white paper, local-trusted has *at least* the priviledges of local-with-networking. "localWithNetwork: This SWF file is a local file and has not been trusted by the user, but it was published with a networking designation. This SWF may communicate with the Internet but may not read from local data sources. localTrusted: This SWF file is a local file and has been trusted by the user, using either the Settings Manager or a FlashPlayerTrust configuration file. This SWF file may both read from local data sources and communicate with the Internet. " I did change it to local-with-networking, but I get the same error: Finished loading crossdomain. [SWF] /SimpleModuleProject.swf - 574,981 bytes after decompression *** Security Sandbox Violation *** SecurityDomain 'file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf' tried to access incompatible context 'http://localhost/crossdomain.xml' *** Security Sandbox Violation *** SecurityDomain 'file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf' tried to access incompatible context 'http://localhost/crossdomain.xml' Failed to load module SWF is not a loadable module Any ideas? --- In flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com>, Alex Harui wrote: > > Check your sandboxType. I'll bet it is local-trusted and not local-with-networking. > > From: flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com> > [mailto:flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com>] On Behalf Of hughesmatt78 > Sent: Saturday, December 13, 2008 11:33 AM > To: flexcoders@yahoogroups.com<mailto:flexcoders%40yahoogroups.com> > Subject: [flexcoders] Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module > > > I'm trying so far in vain to load a module from a network domain from > a SWF that was loaded via the filesystem. Every time I try and load > the module, I get the following error: > > "SWF is not a loadable module." > > I have seen this same problem discussed elsewhere on FlexCoders and > other blogs but I am getting very conflicting views. Some people say > this kind of module loading is not supported > (http://www.nabble.com/Problems-using-Flex-modules-td15188446.html) > but the Adobe Flash Player 9 Security white paper clearly indicate it > is possible: > > "A SWF file may also call Security.allowDomain() with the wildcard > parameter "*" to allow any domain. > This is necessary to allow a local-with-networking SWF file to > cross-script a network SWF file." > > Anyway, off to the example project I created. Here are two very basic > mxmls. > > TestApplication.mxml -- (loaded via file system, this attempts to load > a simple module hosted at localhost) > > http://www.adobe.com/2006/mxml"; > layout="vertical" initialize="init()"> > > > > > > > > > error="erroredOut(event)" > applicationDomain="{ApplicationDomain.currentDomain}"/> > > > SimpleModule.mxml (the module hosted at localhost) > > http://www.adobe.com/2006/mxml"; > initialize="Security.allowDomain('*')" > > > > > And the crossdomain.xml file hosted at localhost. (Although according > to some Adobe docs, this file is not even needed to do crossscripting, > only for loading data.) > > > > > > Note that I can get this example to wor
[flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module
My sandbox type is local-trusted. According to the Flash Security white paper, local-trusted has *at least* the priviledges of local-with-networking. "localWithNetwork: This SWF file is a local file and has not been trusted by the user, but it was published with a networking designation. This SWF may communicate with the Internet but may not read from local data sources. localTrusted: This SWF file is a local file and has been trusted by the user, using either the Settings Manager or a FlashPlayerTrust configuration file. This SWF file may both read from local data sources and communicate with the Internet. " I did change it to local-with-networking, but I get the same error: Finished loading crossdomain. [SWF] /SimpleModuleProject.swf - 574,981 bytes after decompression *** Security Sandbox Violation *** SecurityDomain 'file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf' tried to access incompatible context 'http://localhost/crossdomain.xml' *** Security Sandbox Violation *** SecurityDomain 'file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf' tried to access incompatible context 'http://localhost/crossdomain.xml' Failed to load module SWF is not a loadable module Any ideas? --- In flexcoders@yahoogroups.com, Alex Harui wrote: > > Check your sandboxType. I'll bet it is local-trusted and not local-with-networking. > > From: flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] On Behalf Of hughesmatt78 > Sent: Saturday, December 13, 2008 11:33 AM > To: flexcoders@yahoogroups.com > Subject: [flexcoders] Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module > > > I'm trying so far in vain to load a module from a network domain from > a SWF that was loaded via the filesystem. Every time I try and load > the module, I get the following error: > > "SWF is not a loadable module." > > I have seen this same problem discussed elsewhere on FlexCoders and > other blogs but I am getting very conflicting views. Some people say > this kind of module loading is not supported > (http://www.nabble.com/Problems-using-Flex-modules-td15188446.html) > but the Adobe Flash Player 9 Security white paper clearly indicate it > is possible: > > "A SWF file may also call Security.allowDomain() with the wildcard > parameter "*" to allow any domain. > This is necessary to allow a local-with-networking SWF file to > cross-script a network SWF file." > > Anyway, off to the example project I created. Here are two very basic > mxmls. > > TestApplication.mxml -- (loaded via file system, this attempts to load > a simple module hosted at localhost) > > http://www.adobe.com/2006/mxml"; > layout="vertical" initialize="init()"> > > > > > > > > > error="erroredOut(event)" > applicationDomain="{ApplicationDomain.currentDomain}"/> > > > SimpleModule.mxml (the module hosted at localhost) > > http://www.adobe.com/2006/mxml"; > initialize="Security.allowDomain('*')" > > > > > And the crossdomain.xml file hosted at localhost. (Although according > to some Adobe docs, this file is not even needed to do crossscripting, > only for loading data.) > > > > > > Note that I can get this example to work fine if I host the > Application SWF from one network domain and load the module from > another network domain without changing a thing. I only get the error > when the loading SWF is hosted on the filesystem. Also note that the > Application.swf is in a folder designated as locally trusted and I > confirm this by looking at the Security.sandboxType variable at runtime. > > I am using Flex 3 and running this with Flash Player 9 debugger version. > > So my questions are: > > * Is this scenario even supported? If not, what's with the > documentation I quoted from Adobe above? If yes, what am I missing? > * And do crossdomain.xml files even used when doing crossscripting? > Or are they just often conflated with module loading because you often > load modules and data from the same server? >