4 Replies Latest reply on Jul 3, 2011 4:24 AM by rphh

    Security Sandbox Violation with web service


      Help!!! Security Sandbox Violation is driving me crazy. Any thoughts on the following would be appreciated.


      I have an app that is both a web and air app. They both share a common library. The web app was working fine but I hadn't run it in a while. The air app runs fine but of course, it doesn't care about the crossdomain.xml file.


      I am now getting,

      *** Security Sandbox Violation ***

      Connection to http://www.appserverhost.com/signin halted - not permitted from http://localhost/~user/AppWeb.swf/[[DYNAMIC]]/4


      The crossdomain.xml at http://www.appserverhost.com/crossdomain.xml is correct. (In this case, the web app was run from the debugger)


      In trying to debug this, I created a simple web app that first performed a,

      Security.loadPolicyFile(host + "/crossdomain.xml") ,

      whereas I hadn't needed that before. That is, previously, flash loaded the crossdomain.xml automatically, the first time I invoked the web service below.


      Two problems,

      1- if I invoke the web service too soon, e.g. at the end of the onCreationComplete, I get the

      infamous *** Security Sandbox Violation ***. If I wait, no problem

      2- if I invoke the web service from the library, I still get the *** Security Sandbox Violation ***


      public function onCreationComplete():void {

      var host : String = "http://www.appserverhost.com";


      Security.loadPolicyFile(host + "/crossdomain.xml");


      var operations:Array = new Array();


      userService.baseURL = host;

      userService.requestTimeout = 15;


      var operation : Operation = new mx.rpc.http.Operation(null, "signIn");

      operation.url = "signin";

      operation.method = "POST";

      operation.showBusyCursor = true;

      operation.contentType = "";

      operation.resultFormat = "xml";

      operation.addEventListener(ResultEvent.RESULT, signIn_result);

      operation.addEventListener(FaultEvent.FAULT, signIn_fault);



      userService.operationList = operations;


        • 1. Re: Security Sandbox Violation with web service
          Flex harUI Adobe Employee

          The implies you are using LoadBytes to load code (maybe as an

          RSL).  There might be an access restriction related to that.

          • 2. Re: Security Sandbox Violation with web service
            mikaye Level 1

            I'm not using loadBytes.


            Bizarre, but I believe I found the problem. It happens in the web app because after sending the http web service "signin" request I immediately send getdata web service "notes" request.


            This works fine in the air app but in the web app I guess you can only make one web service request per user action


            I even tried delaying the second web service request by 10 seconds but I still get the following error.


            *** Security Sandbox Violation ***

            Connection to http://localhost:8888/users/bill/notes halted - not permitted from http://localhost:8888/notesweb/NotesWeb.swf/[[DYNAMIC]]/4

            Error: Error #2029: This URLStream object does not have a stream opened.

            at flash.net::URLStream/close()

            at flash.net::URLLoader/close()

            at DirectHTTPMessageResponder/requestTimedOut()[E:\dev\4.x\frameworks\projects\rpc\src\mx\me ssaging\channels\DirectHTTPChannel.as:474]

            at mx.messaging::MessageResponder/timeoutRequest()[E:\dev\4.x\frameworks\projects\rpc\src\mx \messaging\MessageResponder.as:356]

            at flash.utils::Timer/_timerDispatch()

            at flash.utils::Timer/tick()


            However, when I send the request http://localhost:8888/users/bill/notes from a user action, no problem.


            If anyone knows where this is documented, I would really like to understand this behavior.

            • 3. Re: Security Sandbox Violation with web service
              Flex harUI Adobe Employee

              I don't think that's the case.  It really seems like more than one SWF is

              being loaded by your app (maybe as RSLs) and that there is some security

              issue related to it.  It might be that on the user action, the code in the

              unpermitted SWF is not making the request.


              Each SWF loaded has its own security rules.

              • 4. Re: Security Sandbox Violation with web service



                Not sure if this helps in your case, but I had a similar warning.

                When I changed the "Local playback security:" in the "Publish Settings" of the Flash application from "Access local files only" to "Access network only" that solved my problem.