View Full Version : Flash 9 local trusted security

07-02-2007, 03:27 PM
I am trying to send data via URLLoader in flash 9 to Firebug by using javascript:console.log("Hello").
In flash it is swf to html operation and will not work under the default security settings (local-file).

So I am trying to make my content local-trusted. Here is my environment and here is what I have done.

I am running on a MAC.
I am viewing my swf locally in Firefox
I am using the flash player debugger version

I placed the test.cfg file in /Library/Application Support/Macromedia/FlashPlayerTrust directory
My test.cfg file has one line..../Users/myuname/Sites/mysite
My html and swf file are located in /Users/myuname/Sites/mysite

My code
var v = "hello?";
var out = "javascript:console.log('" + v + "')";
var l = new flash.net.URLLoader();
l.load(new flash.net.URLRequest(out));

I am getting and the exception Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://localhost/test.swf cannot load data from javascript:console.log('hello?')

How can I get this to work? Has anyone else run into this problem?


07-02-2007, 05:14 PM
Using URLLoader seems like the wrong approach. Have you tried ExternalInterface or navigateToURL?

07-06-2007, 12:09 AM
The reason why URLLoader is used is because if you use navigateToUrl then sometimes your log messages will be overwritten by the most recent one. This happens when you do two firebug log calls in the same frame.

Apparently URLLoader is the way to go but I have not been able to get it to work because of this security crud. Isn't there some simple flag that lets you disable all of it so I can get to work?

On a side note, I am using haxe to generate my swf. So it may have something to do with that.

07-06-2007, 12:45 AM
also...navigateToUrl and ExternalInterface have the same security requirements....

Security note: For local content running in a browser, calls to the navigateToURL() function that specify a "javascript:" pseudo-protocol (for example, navigateToURL("javascript:someFunction()")) are only permitted if the SWF file and the containing web page (if there is one) are in the local-trusted security sandbox. For more information, see the following:

I'd like to make my flash file local-trusted. I must be not configuring the FlashPlayerTrust directory correctly. It could also be the way Haxe is generating the swf. I imagine on execution swf files look for a FlashPlayerTrust directory to determine if the swf should run in local-trusted.

I am going to try straight AS3 to see if I run into the same problem.

07-06-2007, 11:26 AM
Ok I figured it out. Although I do not completely understand why.
I was executing my .swf through my local apache web server.

Neither the trust directory or the settings manager changes would work when I accessed the swf using localhost.
However if I use the file:/// protocol it works.

07-06-2007, 05:03 PM
When you run a SWF from a server on localhost, Flash Player doesn't consider that to be running locally. To Flash Player, localhost is a server like any other.