4 Replies Latest reply on Nov 5, 2006 6:55 PM by Camus Miu

    Problem on "Security error accessing url"

    Camus Miu Level 1
      I’m getting some information from a httpservice. the swf works fine in the default directory of compilation on my local computer,
      but if I move it to somewhere. it send this error:

      [RPC Fault faultString=”Security error accessing url” faultCode=”Channel.Security.Error” faultDetail=”Destination: DefaultHTTP”]
      at mx.rpc::AbstractInvoker/ http://www.adobe.com/2006/flex/mx/internal::faultHandler()
      at mx.rpc::Responder/fault()
      at mx.rpc::AsyncRequest/fault()
      at ::DirectHTTPMessageResponder/securityErrorHandler()
      at flash.events::EventDispatcher/dispatchEvent()
      at flash.net::URLLoader/flash.net:URLLoader::redirectEvent()

      Again, this works ok into the default path, but if I upload de swf into a server this doesn’t work.

      What actually happened? Isn't that we can access to foreign domain from our local computer no matter where the folder is?
        • 1. Re: Problem on "Security error accessing url"
          peterent Level 2
          Try adding -context-root=/ root for your server to the compiler options - the command line if your using the SDK compiler or the Flex Builder project properties/compiler arguments.

          The SWF has to be built for its target environment. So when you change the context-root the SWF won't work for you locally any longer.

          I'm not 100% sure that will solve this problem, but please give it a try and let us know.
          • 2. Re: Problem on "Security error accessing url"
            Camus Miu Level 1
            Hi Peter,

            Tried and no luck.

            Actually my flex project just like the Blog sample on quick start tutorial.
            The RSS feeds avaiable on macroemdia has crossdomain.xml which allow all access from outside.

            The one I retrieve doesn't have crossdomain.xml installed, however the flex still work locally on my compiled folder. Just fail if I send the files to others or moved to other folder of my computer.

            Any one have idea on the security model of Flash player?
            I thought it allow access to foreigh domain whenever I tried to run the flash locally, but I am not sure now. Seems it ONLY works on compiled folder???
            • 3. Re: Problem on "Security error accessing url"
              peterent Level 2
              The problem is in fact, player security. When you run your Flex app from a development environment, the Flash Player sets the Security.sandboxType to "local-trusted" which is defined as (from Flex 2 docs):

              "The local-trusted sandbox--Local SWF files that are registered as trusted (by users or by installer programs) are placed in the local-trusted sandbox. System administrators and users also have the ability to reassign (move) a local SWF file to or from the local-trusted sandbox based on security considerations (see Administrative user controls and User controls). SWF files that are assigned to the local-trusted sandbox can interact with any other SWF files and can load data from anywhere (remote or local). "

              Which means that the system you are accessing does not need a crossdomain.xml file. However, when you moved your SWF out of your development environment the Security.sandboxType was set to "remote" which then requires a crossdomain file.
              • 4. Problem on "Security error accessing url"
                Camus Miu Level 1
                quote:

                Originally posted by: peterent
                SWF files that are assigned to the local-trusted sandbox can interact with any other SWF files and can load data from anywhere (remote or local). "



                So how can we do this?
                For example, I want to write a flex blog reader, which is suppose to run locally, and packed it with an installer.
                User run the installer and copy the swf to target directory, but the target directory is not a development environment.
                What can we do to deal with this?

                The crossdomain.xml is absolutely absent from the blog sites, at least, not 100% avaiable.
                The flash player security is a good thing, but since the user noticed the installation agreement, so it shouldn't be a major concern as he/she should be noticed of the blog reader needed to connect to internet.

                Flex absolutely went through the sandbox locally, there should be way.
                The focus is, how can we do this?