8 Replies Latest reply on Dec 10, 2010 10:01 AM by mig56

    Security Sandbox Violation

    mig56

      I have a Flash application in "domainA" and I'm running it from "domainB". The Flash application loads fine and runs. However, the history manager no longer works. When the user clicks on the back button they get:

       

      *** Security Sandbox Violation ***

      SecurityDomain 'domainB' tried to access incompatible context 'domainA'

       

      If I run the flash application within the same domain, everything works fine. I added the following in the flash application:

                      Security.allowDomain("*");

                      Security.allowInsecureDomain("*");

       

      And that still doesn't work.

       

      Thanks in advance....

       

        • 1. Re: Security Sandbox Violation
          saisri2k2 Level 4

          google on crossdomain.xml for flash.

          • 2. Re: Security Sandbox Violation
            mig56 Level 1

            I already did and I am loading it using Security.loadPolicyFile(). But still doesnt work.

            • 3. Re: Security Sandbox Violation
              Flex harUI Adobe Employee

              That probably requires allowScriptAccess

              • 4. Re: Security Sandbox Violation
                mig56 Level 1

                Already set and doesn't work.

                 

                In Main.mxml:

                 

                <mx:Application xmlns:fx = "http://ns.adobe.com/mxml/2009"

                                xmlns:s = "library://ns.adobe.com/flex/spark"

                                xmlns:mx = "library://ns.adobe.com/flex/mx"

                                layout = "absolute"

                                width = "100%"

                                height = "100%"

                                preinitialize = "preInit()"

                                .....>

                    <fx:Script>

                        <![CDATA[

                            ........

                 

                            private function preInit():void

                            {

                                Security.allowDomain("*");

                                Security.allowInsecureDomain("*");

                Security.loadPolicyFile("http:<<hidden>>/crossdomain.xml");

                            }

                .....

                </mx:Application>

                 

                In the html page:

                ......

                            var params = {};

                            params.allowscriptaccess = "always";

                 

                            swfobject.embedSWF(

                            "Main.swf", "flashContent",

                                "100%", "100%",

                                swfVersionStr, xiSwfUrlStr,

                                null, params, attributes);

                .......

                 

                CrossDomain.xml:

                <?xml version="1.0"?>

                <cross-domain-policy>

                    <site-control permitted-cross-domain-policies="all"/>

                    <allow-access-from domain="*"/>

                </cross-domain-policy>

                 

                 

                I've tried everything I can think of, spent over 1 day trying to resolve this issue and nothing seems to work. The next thing I am thinking is that this might be a Flex 4 issue.

                 

                Thanks

                • 5. Re: Security Sandbox Violation
                  mig56 Level 1

                  As I suspected, it is a Flex 4 issue. I created 2 simple Flex apps one in Flex 3 and the other in Flex 4. The browser back/forward buttons work fine in Flex 3 but no longer works in Flex 4.

                  They listen to the BrowserChangeEvent.BROWSER_URL_CHANGE. Did this change? I could upload the sample apps if needed.

                   

                  BrowserManager.getInstance().addEventListener(BrowserChangeEvent.

                                                                                BROWSER_URL_CHANGE,

                                                                                parseURL);

                  • 6. Re: Security Sandbox Violation
                    Flex harUI Adobe Employee

                    Simplify your test case as much as possible.  Flex 3 uses a different swf

                    embedding script than Flex 4 so double-check that you have set

                    allowScriptAccess properly.  And allowDomain in the SWF.

                    • 7. Re: Security Sandbox Violation
                      mig56 Level 1

                      The test cases are really simple. I wanted to zip up the projects and upload them, but I don't see a option here to upload.

                       

                      Yes, they allowScriptAccess is set to always in both places projects and the html generates correctly.

                       

                      Thanks.

                      • 8. Re: Security Sandbox Violation
                        mig56 Level 1

                        I also tried to register with the Flex bug management system....I'm still waiting for a email to confirm my account.