Flash 9 local trusted security

juxstapose32 · 07-02-2007, 04:27 PM

I am trying to send data via URLLoader in flash 9 to Firebug by using javascript:console.log("Hello").
In flash it is swf to html operation and will not work under the default security settings (local-file).

So I am trying to make my content local-trusted. Here is my environment and here is what I have done.

I am running on a MAC.
I am viewing my swf locally in Firefox
I am using the flash player debugger version

I placed the test.cfg file in /Library/Application Support/Macromedia/FlashPlayerTrust directory
My test.cfg file has one line..../Users/myuname/Sites/mysite
My html and swf file are located in /Users/myuname/Sites/mysite

My code
var v = "hello?";
var out = "javascript:console.log('" + v + "')";
var l = new flash.net.URLLoader();
l.load(new flash.net.URLRequest(out));

I am getting and the exception Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://localhost/test.swf cannot load data from javascript:console.log('hello?')

How can I get this to work? Has anyone else run into this problem?

Thanks

dr_zeus · 07-02-2007, 06:14 PM

Using URLLoader seems like the wrong approach. Have you tried ExternalInterface or navigateToURL?

juxstapose32 · 07-06-2007, 01:09 AM

The reason why URLLoader is used is because if you use navigateToUrl then sometimes your log messages will be overwritten by the most recent one. This happens when you do two firebug log calls in the same frame.

Apparently URLLoader is the way to go but I have not been able to get it to work because of this security crud. Isn't there some simple flag that lets you disable all of it so I can get to work?

On a side note, I am using haxe to generate my swf. So it may have something to do with that.

juxstapose32 · 07-06-2007, 01:45 AM

also...navigateToUrl and ExternalInterface have the same security requirements....

Security note: For local content running in a browser, calls to the navigateToURL() function that specify a "javascript:" pseudo-protocol (for example, navigateToURL("javascript:someFunction()")) are only permitted if the SWF file and the containing web page (if there is one) are in the local-trusted security sandbox. For more information, see the following:

I'd like to make my flash file local-trusted. I must be not configuring the FlashPlayerTrust directory correctly. It could also be the way Haxe is generating the swf. I imagine on execution swf files look for a FlashPlayerTrust directory to determine if the swf should run in local-trusted.

I am going to try straight AS3 to see if I run into the same problem.

juxstapose32 · 07-06-2007, 12:26 PM

Ok I figured it out. Although I do not completely understand why.
I was executing my .swf through my local apache web server.
http://localhost/test.swf

Neither the trust directory or the settings manager changes would work when I accessed the swf using localhost.
However if I use the file:/// protocol it works.

dr_zeus · 07-06-2007, 06:03 PM

When you run a SWF from a server on localhost, Flash Player doesn't consider that to be running locally. To Flash Player, localhost is a server like any other.

07-02-2007, 04:27 PM	#1
juxstapose32 Registered User Join Date: Jul 2007 Posts: 4	Flash 9 local trusted security I am trying to send data via URLLoader in flash 9 to Firebug by using javascript:console.log("Hello"). In flash it is swf to html operation and will not work under the default security settings (local-file). So I am trying to make my content local-trusted. Here is my environment and here is what I have done. I am running on a MAC. I am viewing my swf locally in Firefox I am using the flash player debugger version I placed the test.cfg file in /Library/Application Support/Macromedia/FlashPlayerTrust directory My test.cfg file has one line..../Users/myuname/Sites/mysite My html and swf file are located in /Users/myuname/Sites/mysite My code var v = "hello?"; var out = "javascript:console.log('" + v + "')"; var l = new flash.net.URLLoader(); l.load(new flash.net.URLRequest(out)); I am getting and the exception Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://localhost/test.swf cannot load data from javascript:console.log('hello?') How can I get this to work? Has anyone else run into this problem? Thanks

07-06-2007, 06:03 PM	#6
dr_zeus Flash Adventurer Join Date: Mar 2005 Location: Silicon Valley Posts: 1,975	When you run a SWF from a server on localhost, Flash Player doesn't consider that to be running locally. To Flash Player, localhost is a server like any other. __________________ Josh Tynjala \| JOSHBLOG \| Bowler Hat Games

Thread Tools
Show Printable Version Email this Page
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
flash player 8 wont load xml...all files local...	schedal	ActionScript 2.0	1	04-17-2007 09:15 AM
Flash Security issue with LoadVars	marrek	ActionScript 2.0	5	03-14-2007 09:16 PM
security issue	pixelmana	ActionScript 2.0	2	01-06-2006 05:16 PM
Streaming Flash Player 6	simail	Other Flash General Questions	7	04-03-2002 12:14 PM
Php, Javascript, and Flash 5 browser detect and more!	Redline01	Server-Side Scripting	2	08-11-2001 02:09 AM

07-02-2007, 06:14 PM	#2
dr_zeus Flash Adventurer Join Date: Mar 2005 Location: Silicon Valley Posts: 1,975	Using URLLoader seems like the wrong approach. Have you tried ExternalInterface or navigateToURL? __________________ Josh Tynjala \| JOSHBLOG \| Bowler Hat Games


<a href='http://d1.openx.org/ck.php?n=ac86e9f0&cb=INSERT_RANDOM_NUMBER_HERE' target='_blank'><img src='http://d1.openx.org/avw.php?zoneid=36053&source=_blank&cb=INSERT_RANDOM_NUMBER_HERE&n=ac86e9f0' border='0' alt='' /></a>

07-06-2007, 01:09 AM	#3
juxstapose32 Registered User Join Date: Jul 2007 Posts: 4	The reason why URLLoader is used is because if you use navigateToUrl then sometimes your log messages will be overwritten by the most recent one. This happens when you do two firebug log calls in the same frame. Apparently URLLoader is the way to go but I have not been able to get it to work because of this security crud. Isn't there some simple flag that lets you disable all of it so I can get to work? On a side note, I am using haxe to generate my swf. So it may have something to do with that.

07-06-2007, 01:45 AM	#4
juxstapose32 Registered User Join Date: Jul 2007 Posts: 4	also...navigateToUrl and ExternalInterface have the same security requirements.... Security note: For local content running in a browser, calls to the navigateToURL() function that specify a "javascript:" pseudo-protocol (for example, navigateToURL("javascript:someFunction()")) are only permitted if the SWF file and the containing web page (if there is one) are in the local-trusted security sandbox. For more information, see the following: I'd like to make my flash file local-trusted. I must be not configuring the FlashPlayerTrust directory correctly. It could also be the way Haxe is generating the swf. I imagine on execution swf files look for a FlashPlayerTrust directory to determine if the swf should run in local-trusted. I am going to try straight AS3 to see if I run into the same problem.

07-06-2007, 12:26 PM	#5
juxstapose32 Registered User Join Date: Jul 2007 Posts: 4	Ok I figured it out. Although I do not completely understand why. I was executing my .swf through my local apache web server. http://localhost/test.swf Neither the trust directory or the settings manager changes would work when I accessed the swf using localhost. However if I use the file:/// protocol it works.