Security Violation of Swf Files

November 23, 2008 – 10:58 pm

Loading external files in Flash is simple process. First you need to create a Loader object and than give address of material which is have to be loaded to Loader object. This is simple process which supposes to be work fine but there is a high chance that you may get in error. Especially when you try to reach the files under different domain names or same domain name but when you don’t type www to beginning of the domain name. For example lets say we have two different domain name and we want to keep common files in one server.

Farklı sunuculardan dosya yüklemek

The swf file under Server A is tyring to get images from server B. For server A to reach server B there muse be an crossdomain.xml file under Server B. When swf file works in Flash Player, swf file will try to get images from server B. Flash Player will check the crossdomain.xml file for which domain name is allow and which is not. Basically this xml file allows different domains to access to files. Xml file is look like this;

  1. <xml version="1.0">
  2. <cross-domain-policy>
  3. <allow-access-from domain="*"></allow-access-from>
  4. </cross-domain-policy>
  5. </xml>

This xml file is allowing any domain to use files under server B. If you want only one server to reach those files you can change asterisk(*) with any domain name that you want. While you are writing the domain name you have to be careful to differentiate between;

www.enginyoyen.com
and
enginyoyen.com

Those two domain name is different than each other. Even know is under same domain name is still a different domain name. This XML file is enough to solve loading files from different domain names. But sometimes because of circumstances this wont be enough. Everythign might be totally fine but you can get an such an error which say;

Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation http://enginyoyen.com…..

So how we can solve this problem?
Solution of this problem is using the LoaderContext class. This class is sets the loading properties of the material that we want to load in swf files. What we have to do is create new LoaderContext object and set the checkPolicyFile property true. Afterwards we have to give this object as a parameter to load method;

  1. var context:LoaderContext = new LoaderContext();
  2. context.checkPolicyFile = true;
  3. loader.load(urlReq,context);

The total code should look like this;

  1. var context:LoaderContext = new LoaderContext();
  2. context.checkPolicyFile = true;
  3.  
  4. var loader =  new Loader ();
  5. var urlReq:URLRequest("image_or_anyother_material.jpg");
  6. loader.load(urlReq,context);
  7.  
  8. loader.contentLoaderInfo.addEventListener(Event.COMPLETE, completeHandler);
  9. loader.contentLoaderInfo.addEventListener(Event.OPEN, openHandler);
  10. loader.contentLoaderInfo.addEventListener(IOErrorEvent.IO_ERROR, ioErrorHandler);
  11.  
  12. function openHandler(e:Event) {
  13. //start to load file
  14. }
  15. function completeHandler(e:Event) {
  16. //file loaded
  17. }
  18. function ioErrorHandler(e:IOErrorEvent):void {
  19. //error
  20. }

Other issue is Flash Player is giving error even if all the files are under one domain name. Biggest reason fort hat is reuested domain name are different. That’ why Flash Player gives error;

www.enginyoyen.com
and
enginyoyen.com

This is a basic security violation for Flash Player, so even under same domain name you may get error. But you can use these methods to solve your problem.
Take Care
Engin!



  1. 1 Trackback(s)

  2. Dec 5, 2008: localToGlobal » Blog Archive » news review -> 48th week of 2008

Leave a Reply


Creative Commons LicenseSome rights of this website has been reserved to Engin Yöyen. Articles on the blog licenced by Creative Commons Attribution-Noncommercial 3.0 Unported