Fixing security sandbox violation in Flash AS3

http://www.wildbunny.co.uk/blog/2012/11/05/fixing-security-sandbox-violation-in-flash-as3/ ?security sandbox关于安全的一篇帖子

This time I wanted to talk about the dreaded Security sandbox violation error which Flash will sometimes throw at you when you’re working with external websites,or sockets,or file access across local/web.

What is a security sandbox violation?

Flash applications run inside a security sandbox which prevents them from accessing data they shouldn’t be. For example if your application is web-based,it will be forbidden from accessing files on a user’s local hard drive. If the application is not web-based then it will be forbidden from accessing the web.?You can read more about these two types here.

When an application attempts to access data outside of its sandbox,you will see an error which looks similar to this:

********* Security Sandbox Violation ***** Connection to <requested data location> halted - not permitted from <location of swf>

This can happen in a number of different cases:

The application sandbox is set incorrectly

This can happen when the sandbox is configured to be used one way,but is being used in another way by mistake. You can change this setting:

In Flash IDE?by going to?File->Publish Settings->Flash->Local playback security?and choosing either ‘Access local files only’ or ‘Access network only’.

In FlashDevelop?by right clicking on your project->Properties->Compiler Options->Use network services

In Amethyst?by right clicking on the project in the solution explorer->Properties->Compiler->Use network

You are accessing a web-service across domains

If your application is web-based and is accessing a web-service of some kind on a different domain to the one the .swf file is hosted on you can get a sandbox violation if the domain you are accessing does not have a valid cross domain policy in place.

The root?of the domain you are accessing must have a valid?crossdomain.xml?file.

Here is an example crossdomain.xml:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
	<allow-access-from domain="*" />
	<site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>

Read more on the specification of this file here

You are accessing a web-service from your local machine during development

Because of the two different sandbox modes,when developing an application which accesses a web-service but debugging or running locally you will cause this exception to fire. In order to get around this you will need to tell Flash that you give permission for this to happen.