2

How can I disable crossdomain.xml check when the executing swf has been loaded on localhost?

Error #2044: Unhandled SecurityErrorEvent:. text=Error #2048: Security sandbox violation: http://localhost:2541/xxx.swf cannot load data from http://www.com/xxx.swf.

I want to assign full trust to the HTML5 web application running locally. I want to disable any crossdomain checks.

Why? Some external servers do not provide crossdomain.xml for their hosted SWF files. I am running locally. I want to have full trust for debugging purposes.

How do I do that?

I will not consider AIR as it cannot be used from HTML5 application.

Adding the url "http://localhost:2541/xxx.swf" to "C:\Users\Arvo\AppData\Roaming\Macromedia\Flash Player#Security\FlashPlayerTrust\u.cfg" did not help.

Ref:

  1. http://www.abdulqabiz.com/blog/archives/2007/03/20/flash-player-trust-flashplayertrust-on-gnulinux/

  2. Running a SWF from file:/// without having the user change their Flash Player security settings

Community
  • 1
  • 1
zproxy
  • 3,509
  • 3
  • 39
  • 45

3 Answers3

2

If you are previewing the swf in Flash, there is no crossdomain restriction. If you're actually viewing it in your browser, though (eg, local webserver), it's restricted just like anything else. You'd have to place the crossdomain.xml file on the other site, or have a policy server listening on port 843 with a master policy.

mway
  • 4,334
  • 3
  • 26
  • 37
  • Not an option. I want flash to disable the checks. The PC is under my control. – zproxy Nov 02 '10 at 16:49
  • Then make a local proxy to get it and fetch that instead. Circumventing Flash's sandbox isn't something that Flash is designed to let you do outside of those two methods: crossdomain.xml or a policy server. – mway Nov 02 '10 at 16:51
2

Use the local server to proxy the remote address. Say you want to connect to:

http://someserver.com/whatever

then make a call to:

http://localhost/proxy/someserver.com/whatever

and have the local server application make the actual remote call and proxy the response.

Samuel Neff
  • 73,278
  • 17
  • 138
  • 182
  • this wont work if the loaded SWF wants to talk to its web server – zproxy Nov 02 '10 at 17:05
  • @zproxy, what do you mean? you load the swf from it's web server, you talk back to its own web server. If you need something from some other web server, have the swf's web server get it for the swf. It will work. – Samuel Neff Nov 02 '10 at 17:06
0

I believe you need to add your local path of the file to the .cfg file, not the path you are using to access it. So you would put /location/of/xxx.swf to your .cfg instead of http://localhost:2541/xxx.swf

Alan Geleynse
  • 24,821
  • 5
  • 46
  • 55