0
votes

I want to get a URLStream from MJPG, but I have received an Error #2048: Security sandbox violation error in the release version.

What I'm trying to do:

import flash.events.SecurityErrorEvent;
import flash.net.URLRequest;
import flash.net.URLStream;
import flash.system.Security;

Security.allowDomain("*");
Security.allowInsecureDomain("*");

var stream:URLStream = new URLStream();
// Receiving this error event in the onStreamSecurityError handler:
// Error #2048: Security sandbox violation: {swf} cannot load data from {url}
stream.addEventListener(SecurityErrorEvent.SECURITY_ERROR, onStreamSecurityError);
// The load method has no loader context option
stream.load(new URLRequest("http://anydomain.com/mjpg/video.mjpg"));

Setting up crossdomain.xml is not the solution because the application should be able to load a stream from any remote server.

As I remember, with the flash.display.Loader class I set up a LoaderContext and application domain. After that, the Flex app can load resources from any domain. But I don't know what to do with URLStream.

Do you have any solution or workaround for Error #2048?

1
I think this is the whole point of the crossdomain file - you can't just load from any server. - ethrbunny
Thanks, but why can I just load from any server using Loader or $.ajax? Maybe it is possible to disable the security? If a server admin does not want to share a resource with everyone, he can set up auth. - 2xMax
What you're asking for could be rephrased as "How do I use Flash Player to institute Cross Site Scripting Attacks": en.wikipedia.org/wiki/XXS and the answer is that Flash does everything in its power to prevent that. If you want to load data from any server in a browser-based Flash app, you will have to create a proxy of sorts that you do have access to. - JeffryHouser
@Reboog711 to restream video? I need a separate streaming server and to find where to host it. And what do I really need? Support for mjpg in Internet Explorer. It can do it with the VLC plugin, but it has some issues and I can't use it. I think that the Flash developers are sawing off the branch on which they sit. Instead of creating a special security utility that validates input and that is enabled by default... butthurt - 2xMax
@2xMax I have to admit I don't understand much of your response to me. But yes, a server-side proxy is the correct solution to access content the client can't access. Or you can have the sites you want to access add a crossdomain.xml file. I know Silverlight had a similar issue and used a file similar to crossdomain.xml to address it. I thought most browsers had JavaScript implementations in place to prevent unwanted access. - JeffryHouser

1 Answer

5
votes

It's not possible. You can't remotely grant access to another domain, because it's not yours to grant. The allowDomain() function doesn't do that, it does it the other way around:

Lets SWF files in the identified domains access objects and variables in the SWF file that contains the allowDomain() call.

If your SWF is on domain a.com, and you're adding the line Security.allowDomain("b.com") in it, then that grants a SWF on domain b.com access to your SWF. It does not grant you access to domain b.com.

You can find more detailed info on this in the documentation of allowDomain().

AJAX won't let you do that either, or better put, the browsers won't let you. They're all playing by the same rules.

In order to overcome this, you must proxy the request through a server side script sitting on the same domain as your SWF. It can be in PHP with curl, or whatever you find easier. This video explains how and why.
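
The same-domain proxy the answer describes, as an added Python example that is not part of the original answer: it relays only allowlisted camera hosts and refuses private addresses and redirects, so the proxy does not become an open relay into the server's own network. The host names, the port and the `url` query parameter are assumptions.

```python
import ipaddress
import socket
from urllib.parse import parse_qs, urlsplit
from urllib.request import HTTPRedirectHandler, build_opener
from wsgiref.simple_server import make_server

# Assumption: camera hosts the operator has agreed to relay (constructed names).
ALLOWED_HOSTS = {"cam1.example.com", "cam2.example.com"}

class NoRedirect(HTTPRedirectHandler):
    """Refuse redirects so an allowed host cannot bounce the proxy elsewhere."""
    def redirect_request(self, *args, **kwargs):
        return None

def resolve(host):
    """Return every IP address the host name currently resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def upstream_error(url, allowed=ALLOWED_HOSTS, resolver=resolve):
    """Return None if the proxy may fetch url, else the reason it may not."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return "scheme not allowed"
    host = (parts.hostname or "").lower()
    if host not in allowed:
        return "host not on allowlist"
    # Note: the fetch in app() resolves the name again; pin the address if that matters.
    if not all(ipaddress.ip_address(ip).is_global for ip in resolver(host)):
        return "host resolves to a non-public address"
    return None

def app(environ, start_response):
    """WSGI endpoint /?url=... served from the same origin as the SWF."""
    url = parse_qs(environ.get("QUERY_STRING", "")).get("url", [""])[0]
    try:
        reason = upstream_error(url)
        upstream = None if reason else build_opener(NoRedirect).open(url, timeout=10)
    except (OSError, ValueError):  # DNS failure, refused redirect, malformed URL
        reason = "upstream fetch failed"
    if reason:
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [reason.encode()]
    ctype = upstream.headers.get("Content-Type", "application/octet-stream")
    start_response("200 OK", [("Content-Type", ctype)])
    return iter(lambda: upstream.read(8192), b"")  # relay the stream chunk by chunk

if __name__ == "__main__":
    make_server("127.0.0.1", 8080, app).serve_forever()
```

The SWF then points its URLRequest at the proxy on its own domain, so no cross-domain policy check is involved on the Flash side.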