Flex does not currently support cross-domain sub-apps
From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On
Behalf Of Muhammad Ahmed Ullah
Sent: Wednesday, January 09, 2008 3:46 AM
To: flexcoders@yahoogroups.com
Subject: [flexcoders] Security issue in crossscripting
Hello,
When loading a SWF file (inner.swf) within a SWF file (outer.swf)
through Loader's object, I'm getting the following error message:
SecurityError: Error #2047: Security sandbox violation: parent:
http://192.168.0.20/wid/inner.swf <http://192.168.0.20/wid/inner.swf>
cannot access
http://192.168.0.18:81/Any/container/outer.swf.
<http://192.168.0.18:81/Any/container/outer.swf.>
at flash.display::DisplayObject/get parent()
at
mx.managers::SystemManager/executeCallbacks()[E:\dev\flex_3_beta3\sdk\fr
ameworks\projects\framework\src\mx\managers\SystemManager.as:1518]
at
mx.managers::SystemManager/docFrameHandler()[E:\dev\flex_3_beta3\sdk\fra
meworks\projects\framework\src\mx\managers\SystemManager.as:2311]
Both files are placed on different domains.
On the server of inner.swf file, crossdomain.xml exists with the "*"
permission.
In the initialize event handler of inner.swf file,
Security.allowDomain("*") also exists.
If I write "Security.allowDomain("*")" in outer.swf file, before
loading the inner.swf, then this error gets solved.
But my question is, "Why is it necessary to use allowDomain() in the
outer.swf file, as I don't want to allow inner.swf file to access
outer.swf file?" or "How can I solve this error without using the
allowDomain() in outer.swf file?"
Thanks,
Ahmed
