Skip navigation
RaviDarji
Currently Being Moderated

SecurityError: Error #2123: Security sandbox violation: BitmapData.draw: cannot access

Mar 6, 2012 12:53 AM

Tags: #google #files #map #policy #bitmapdata.draw() #securityerror #2123

When we try to print the Google Map API for Flash component, it is throwing the Security Sandbox Violation

 

      SecurityError: Error #2123: Security sandbox violation: BitmapData.draw: http://ps6143:8080/aa/XYZ/Main.swf/[[DYNAMIC]]/1 cannot access  http://mt1.google.com/vt/lyrs=m@171000000&hl=en&src=api&x=1&y=1&z=1&s= Gali&flc=x3t. No policy files granted access.

at flash.display::BitmapData/draw()

 

To avoid this error we tried to use the alternate API provided by library. But that also causing cross domain issue as it loading some 3d library internally which is not able to access our application.

 

SecurityError: Error #2121: Security sandbox violation: BitmapData.draw: http://maps.googleapis.com/mapfiles/lib/map_1_20_10_3d.swf cannot access http://ps6143.persistent.co.in:8080/dv/SiteOptimizer/SiteOptimizer.swf /%5b%5bDYNAMIC%5d%5d/1http://ps6143:8080/aa/XYZ/Main.swf/[[DYNAMIC]]/1. This may be worked around by calling Security.allowDomain.

at flash.display::BitmapData/draw()

 

Please help us in resolving this issue.

 

Thanks & Regrds,

Ravi Darji

 
Replies
  • Currently Being Moderated
    Dec 3, 2012 10:47 AM   in reply to RaviDarji

    Does anyone know anything about this?

     

    Thank you

     
    |
    Mark as:
  • Currently Being Moderated
    Dec 3, 2012 11:47 PM   in reply to mrbrez

    You cannot access bitmap data from other domains.

     
    |
    Mark as:
  • Currently Being Moderated
    Dec 11, 2012 9:23 AM   in reply to Flex harUI

    Is this a change to how Flash works? I've read posts elsewhere saying that they used to be able to use BitmapData.draw, and it no longer works.

     

    I used Charles to create a local file mapping for YouTube's two crossdomain.xml policy files (allowing "*") and it still didn't work, so what you say makes a lot of sense. Was there a reason for blocking it for all developers, no matter what the crossdomain policy file states?

     
    |
    Mark as:
  • Currently Being Moderated
    Dec 11, 2012 4:31 PM   in reply to jowie74

    This has been true “forever”.  But things can change in the way you are hosting your SWF to suddenly cause the images to come from other domains.  Or maybe a new version of some library you are using changed its caching or visualization strategy and is now using bitmaps

     
    |
    Mark as:
  • Currently Being Moderated
    Dec 12, 2012 2:00 AM   in reply to Flex harUI

    So does Flash not allow BitmapData.draw from any other domain, despite what the crossdomain policy file says? I ask, because I read another developer was having problems with his project that grabbed images from Vimeo and mapped them onto a 3D cube. He *says* that it used to work and now it doesn't, so I can only assume he is not telling the full story?

     

    Also, before I go ahead and try a different strategy, will I come across the same issue if I try building my app in AIR?

     
    |
    Mark as:
  • Currently Being Moderated
    Dec 12, 2012 8:38 AM   in reply to jowie74

    A crossdomain.xml on the same domain that is serving the image will allow BitmapData.draw to work.  But the crossdomain.xml file has to have the right settings and be in the right place.  I’m not sure how that survives re-directs if at all.

     
    |
    Mark as:
  • Currently Being Moderated
    Dec 12, 2012 9:23 AM   in reply to Flex harUI

    There is no redirect... Charles is a web proxy so it will look completely legitimate to the browser.

     

    According to the help, it's getting the access request from the SWF itself and not the crossdomain.xml file:

    In the case of a source object other than a loaded bitmap, the source object and (in the case of a Sprite or MovieClip object) all of its child objects must come from the same domain as the object calling the draw() method, or they must be in a SWF file that is accessible to the caller by having called the Security.allowDomain()method.

     

    http://help.adobe.com/en_US/ActionScript/3.0_ProgrammingAS3/WS5b3ccc51 6d4fbf351e63e3d118a9b90204-7d1b.html#WS5b3ccc516d4fbf351e63e3d118a9b90 204-7c4a

     

    So the default state accessing a SWF on a different domain is protected, unless that SWF allows some or all domains to access it via the Security.allowDomain() method.

     
    |
    Mark as:
  • Currently Being Moderated
    Dec 12, 2012 9:51 AM   in reply to jowie74

    Sorry, thought you were talking about accessing loaded bitmaps.  For bitmaps, either you have the crossdomain.xml to allow BitmapData.draw or you don’t.

     

    For SWFs, there are two ways to be allowed access.  If you set the SecurityDomain property on the LoaderContext AND have the right crossdomain.xml file, then you will be allowed access regardless of whether the loaded SWF called allowDomain or not.

     

    I’m not sure what you mean by “access request from the SWF and not the crossdomain..”.  I think if you use charles or other network monitors you should see a request for the crossdomain.xml before the request for the SWF.  The default location for crossdomain.xml is the root of the domain.  If it lives elsewhere, you will need to add code to fetch the crossdomain.xml from that other location.

     
    |
    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points