    Image upload: Security error 2049




      I have a Flex 4.0 application that must offer the possibility to upload an image.

      However, whenever I try to upload an image, it seems to fail with a security error (#2049: Sandbox violation).

      I tested it on my local test server, and it failed too, but when I run the SWF as a LOCAL file, that is, with an address starting with file:// it does seem to work.

      On the production server, the swf is located in the website root. The PHP script (index.php) that handles the upload is located in the ./services/clubs subdirectories and it attempts to move the uploaded file to ./img/clubs .

      I've been playing with the file permissions of course, setting 766 and later 777 on both the upload target folder and the php script folder. Nothing seemed to help...


      I'm on a professional webhost and I suppose they offer the opportunity to upload files. The file I have been trying to upload was only 47k, so I guess the size isn't a big issue...


      I upload the file with this instruction, where file is an object of type FileReference:

      var request:URLRequest = new URLRequest("http://www.mywebsite.com/services/clubs");


      I've tried to put a crossdomain.xml where I seem to all communication with the webserver, but that crossdomain.xml raised an IOError...

      I don't think a crossdomain.xml is really a solution as the SWF, the PHP scripts and the upload folder(s) are located on the same webserver.


      I was wondering if anyone could give me a few clues on what could be causing this error... My customer is getting impatient regarding the application's upload features, and I'm currently out of ideas...

          Flex harUI Adobe Employee

          You may need to use a proxy server.

            Freydaklin Level 1

            Thanks a lot for your answer!

            However, could you be a bit more precise? Do you suggest specific server software?

            Do you also know what is causing this issue? I mean, uploading an image to a PHP script, everything running on the same server... what's more trivial? Since it seems to bug (well, not sure if it's a bug...) on both my home test server and the production server, I guess there's something I'm missing, or there's a feature Flex is missing...

            I've tried to understand this issue, and the only thing that seems to make sense to me is the "sandbox" being way too strict regarding file upload http requests...


            Right now I'm working on making a little HTML page that acts as an upload form, which I load using ajax in a DIV that I overlay on my Flex application. I'm about to use Flex/javascript interaction to "popup" that DIV. It seems to work well as a temporary solution, because I can't afford letting my customer wait any longer for this feature!

            However, I'm still looking for an explanation/solution to the mentioned issue. Because the HTML-way is just a temporary solution.


            Thanks in advance for any assistance.

              Flex harUI Adobe Employee

              I think the security rules are such that a Flash SWF cannot upload a file from a different domain w/o user permission and/or a crossdomain.xml file. Otherwise, I would publish a popular game or Facebook app that would try to upload random URLs to my server and maybe steal a valuable photo of a top-secret project. The Flash SWF is running inside the firewall so it needs more restrictions.


              A proxy server would probably be a service on your server where you send it a URL and it goes and gets it. Then it is outside the firewall if there is



              There are plenty of posts on proxy servers.

                Freydaklin Level 1

                Thank you for your answer. It looks like a crossdomain.xml is needed for cross-domain communication indeed, but my application does not need cross-domain communication! Everything is running on the same server. The folders have been chmod'ed correctly (proof: I can upload through a simple HTML form).

                So I still have trouble understanding what's going wrong...


                As I think I've mentioned before, I can upload on my local test server when I'm running the application locally (that is, with an address starting with file:// ). When I execute the Flex application through its http:// address (in my case: http://localhost/.... ), or when I upload it to the production server, it looks like file uploading is disabled. Even for small 20kB files! And regular (POST and GET) HTTP requests are working!


                Thanks again for the reactions, any assistance is greatly appreciated.

                  Flex harUI Adobe Employee

                  It isn't about size or file attributes, it is about security. When you run from file:// you have different security rules. We relax restrictions assuming you are doing development and/or trust the supplier of the SWF.


                  When running from http:// security rules are tight. The SWF is running inside your firewall so we can't let you upload foreign content, otherwise I would steal images off internal servers. You can set up trust files/change settings if you trust the SWF.
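
An added example, not part of the thread and not Adobe's code: a simplified Python model of the same-domain decision the answers describe, assuming the player compares the scheme and exact host name of the SWF's URL with those of the request URL, so that `mywebsite.com` and `www.mywebsite.com` count as different domains even on one server. The SWF URLs, both policy files and the function names are constructed for illustration; the check also flags a policy file that grants access to every domain.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample policy files (not taken from the thread).
WILDCARD_POLICY = """<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>"""
SCOPED_POLICY = """<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="mywebsite.com"/>
</cross-domain-policy>"""

def origin(url):
    """Scheme and lower-cased host: the assumed unit of comparison."""
    parts = urlsplit(url)
    return (parts.scheme.lower(), (parts.hostname or "").lower())

def domain_matches(pattern, host):
    """Simplified matching: '*', '*.suffix' (subdomains only) or exact name."""
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return pattern == host

def check_upload(swf_url, upload_url, policy_xml=None):
    """Return (verdict, findings) for a SWF at swf_url posting to upload_url."""
    if origin(swf_url) == origin(upload_url):
        return "same-domain", []
    if policy_xml is None:
        return "blocked", ["cross-domain request and no policy file"]
    swf_host = origin(swf_url)[1]
    root = ET.fromstring(policy_xml)
    domains = [e.get("domain", "").lower() for e in root.iter("allow-access-from")]
    findings = []
    if "*" in domains:
        findings.append('policy grants access to every domain (domain="*")')
    if any(domain_matches(d, swf_host) for d in domains):
        return "allowed-by-policy", findings
    return "blocked", findings + [swf_host + " is not listed in the policy"]

if __name__ == "__main__":
    upload = "http://www.mywebsite.com/services/clubs"  # URL from the post
    for swf in ("http://www.mywebsite.com/app.swf", "http://mywebsite.com/app.swf"):
        print(swf, check_upload(swf, upload), check_upload(swf, upload, SCOPED_POLICY))
```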