6 Replies Latest reply on Feb 13, 2018 3:48 AM by Robert Mc Dowell

    SecurityError: Error #2123: Security sandbox violation: BitmapData.draw

    b.siroshton Level 1

      I know this has been discussed a few times and it seems this is working for some but no matter what I try I am unable to overcome this error.  In a nutshell I am trying to capture video frames and draw them to a bitmap using OSMF (f4m's specifically).  I have looked over and tried suggestions from these discussions:






      What I am trying now is as follows.


      I created a crossdomain.xml for my root (all my testing is currently on a local web server), my crossdomain looks like this:


      <?xml version="1.0"?>

      <!-- http://www.foo.com/crossdomain.xml -->

      <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">


        <allow-access-from domain="*"/>

                <site-control permitted-cross-domain-policies="all"/>

        <allow-http-request-headers-from domain="*" headers="*"/>



      My load routine look like this:


      _player = new MediaPlayerSprite();


      Security.loadPolicyFile(url.root + "/crossdomain.xml");

      _player.resource = new URLResource(url.toString());

      _player.mediaPlayer.addEventListener(MediaPlayerStateChangeEvent.MEDIA_PLAYER_STATE_CHANGE , onPlayerStateChange, false, 0, true);


      Then as suggested in the other discussions, I don't try to copy the bitmap until I get a playing state event in my onPlayerStateChange handler.  In this handler I set a flag that says it is ok to copy the bitmap and then in my onFrameEnter handler if this flag is set then I attempt to copy the bitmap.


      I am not sure quite what else to try next.  I have monitored the traffic to my test page and I can see the crossdomain.xml gets loaded, also the video loads and I can hear it but until I can fix this I of course can not see it.


      I am not sure if it matters but my DisplayObject that holds all this code never gets added to the stage.  This is because it exposes a bitmap as a property that other objects can access when they want to get and use the video data.  I mention this because maybe the security model is not completed until something gets added to the stage? 


      Any help would be greatly appreciated.  Thanks!

        • 1. Re: SecurityError: Error #2123: Security sandbox violation: BitmapData.draw
          b.siroshton Level 1

          I am still stuck on this.. the condition this occurs seems to be when NetStream.appendBytes is being used, checkPolicyFile has no effect.  Is this an oversight by Adobe or is there a way to work around this?


          • 2. Re: SecurityError: Error #2123: Security sandbox violation: BitmapData.draw
            the Masked Mushroom Level 1

            If you don't need to manipulate the pixels of the image, putting your loading statements in a try/catch block and just swallowing the error still displays the image. The thing is that you need to catch that error.


            From then on, you can show the image, but not access the bitmapdata of the loader. That will always give you an error if the security sandbox refused it originally.


            Also, try toggling the "check policy file" parameter. If I remember it well, it does have an effect (again, in a try/catch block).

            • 3. Re: SecurityError: Error #2123: Security sandbox violation: BitmapData.draw
              b.siroshton Level 1

              I tried that but still no go.


              I put together a quick example to demonstrate the problem, here is the code:



                   import flash.display.Bitmap;
                   import flash.display.BitmapData;
                   import flash.events.Event;
                   import flash.system.Security;
                   import mx.events.FlexEvent;
                   import spark.components.Application;
                   import spark.core.SpriteVisualElement;
                   import org.osmf.containers.MediaContainer;
                   import org.osmf.elements.F4MElement;
                   import org.osmf.media.MediaPlayer;
                   import org.osmf.media.URLResource;
                   public class HttpDynamicStreaming_ extends Application
                        public var _display:SpriteVisualElement;
                        private var _element:F4MElement;
                        private var _player:MediaPlayer;
                        private var _container:MediaContainer;
                        private var _copy:Bitmap;
                        public function HttpDynamicStreaming_()
                             addEventListener(FlexEvent.APPLICATION_COMPLETE, applicationComplete, false, 0, true);
                             addEventListener(Event.ENTER_FRAME, enteredFrame, false, 0, true);
                        private function applicationComplete(event:FlexEvent) : void
                             Security.loadPolicyFile("http://[my ip]/crossdomain.xml");
                             loadVideo("http://[my ip]/f4f/test.f4m");
                        public function loadVideo(url:String) : void
                             var resource:URLResource = new URLResource(url);               
                             _element = new F4MElement();
                             _element.resource = resource;
                             _player = new MediaPlayer(_element);
                             _player.autoPlay = true;
                             _player.autoRewind = true;
                             _container = new MediaContainer();
                        private function enteredFrame(event:Event) : void
                             if( !_player ) return;               
                             if( isNaN(_player.mediaWidth) || isNaN(_player.mediaHeight) ) return;
                             if( _player.mediaWidth==0 || _player.mediaHeight==0 ) return;
                             if( !_copy )
                                  // create a bitmap to hold or vide and display it in the upper left corner on top of the MediaContainer
                                  _copy = new Bitmap(new BitmapData(_player.mediaWidth, _player.mediaHeight));
                                  _copy.x = _copy.y = 20;
                                  _copy.scaleX = _copy.scaleY = 0.25;


              Here is the accompanying mxml file:


              <?xml version="1.0" encoding="utf-8"?>









                   <s:SpriteVisualElement id="_display"/> 


              • 4. Re: SecurityError: Error #2123: Security sandbox violation: BitmapData.draw
                the Masked Mushroom Level 1

                I might have found a lead on this one:




                They suggest detaching the netstream, drawing to the Bitmapdata and reattaching the stream.

                I checked around a little, and it is possible to access the netStream from the NetStreamLoadTrait class, but this class is [ExcludeClass], so pretty deeply nested in the core of the framework and would require some extensions to make it available on the media.


                One could "un-exclude" NetStreamLoadTrait, catch the load trait (MediaElementEvent.TRAIT_ADD) on the media and cast it as NetStreamLoadTrait. This would give you access to the NetStream instance.



                • 5. Re: SecurityError: Error #2123: Security sandbox violation: BitmapData.draw
                  dawzrd Level 1

                  The way I have gotten around this issue (3 years later from your question) is to not draw a bitmap of the root/stage, but to add everything on the stage into a child movieClip, and then draw that.

                  • 6. Re: SecurityError: Error #2123: Security sandbox violation: BitmapData.draw
                    Robert Mc Dowell Level 4

                    How could you put all the stage in a movieclip without to destroy all your development scope?