0
votes

I'm creating an (desktop) application with flex but AIR is not an option. (I've heard you need air-installer to play the .exe) My flex app needs to load a php generated xml but it has to run from the swf file when you export a release build.

When testing my flex application on the localhost, everything is fine. The xml is loaded and I get the data. However after i export a release build, and launch the .swf, I get security voilation (sandbox) saying it cannot load the xml from the webpage.

Does anybody know a way around this? Does anybody know if the air installer really is necessairy to launch the .exe? (i only have a mac)

3

3 Answers

2
votes

Due to security limitations of the Flash Player you are running in a sandbox. If you launch the application SWF it will have a URL something like file:///path/to/my/app, which puts it in a local file sadbox (which is the most restrictive place to run a swf). AIR gives you a local file system sandbox also, but you gain the ability to access local files and save to disk. If you are running a swf from http://example.com you are in the example.com context ad can load content from that domain. If you need to load content from another domain, you will need a crossdomain.xml policy file on the other domain where the content/service lives.

alt text http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security/fig01.gif

This article explains, in great detail, the concept of the crossdomain.xml file. Here is an example that allows a conection from ANY domain to resources:

<?xml version="1.0"?>
<cross-domain-policy>
    <allow-access-from domain="*" />
    <site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>

which would work in your case.

1
votes

Since the Flex app will be launched from the local filesystem - via a file:// handler or just like c:\mypp\mySwf.swf, there are actually two security components that you need to take care of:

  • The first, as mentioned in the above answers is making sure that your php page can be contacted. This is solved via the crossdomain.xml policy file.

  • The second problem stems from the way it runs - localy. Flash has four sandboxes in place (remote, local-with-filesystem, local-with-network and trusted). By default, all swfs from the web are placed in remote sandbox; those ran locally get defaulted to local-with-filesystem == no network calls.

You probably want to change the sandbox it gets pushed in. For the local with filesystem / network you can simply adjust a flag in the Flex compiler (e.g. via the Flex Builder options). One thing to note though: you can only have one - either load data from the local system or from the network. Both at the same time cannot be achieved this way.

Putting your swf in the trusted sandbox, where it can load data from both the local system and remote servers is a bit more tricky - you need to have an installer modify some configuration files.

0
votes

your'll need to add a cross-domain policy file, its a short bit of xml saying that flex is allowed to talk to that remote entity