“Error #2048: Security sandbox violation” when using URLLoader with external Url

1
votes

I am creating an application in Flex (AS3), where I need to get information from an external url. But when using the URLLoader the error occurs:

"Error # 2044: Unhandled securityError :. text = Error # 2048: Security Sandbox Violation"

My code: 

sUrlListas = "https://www.us8.api.mailchimp.com/2.0/lists/members.json?apikey=XXXXX&id=XXX; 
urlLoader2 = new URLLoader (); 

urlLoader2.load (new URLRequest (sUrlListas));

My crossdomain is: 

<cross-domain-policy> 
     <site-control permitted-cross-domain-policies = "all" /> 
     <allow-access-from domain = "*" secure = "false" to-ports = "*" /> 
</ cross-domain-policy>

The crossdomain them is: 

<cross-domain-policy> 
     <allow-access-from domain = "*" /> 
</ cross-domain-policy>

Rodo this application on localhost. I've read a lot about the problem of crossdomain be, but does not seem to be exactly this problem.

Could anyone help?

2
actionscript-3securityapache-flexcross-domainflex4.5

2 Answers

1
votes

By default, "secure" attribute in flash crossdomain is set to true, which means you cannot access the content on HTTPS from HTTP. Thus, your swf should connect to their API from HTTPS.

0
votes

In my case problem was similar and setup cross-domain-policy didn't help me as well. So I try to requesting api service not from SWF directly, but through php agent on my web. It was like:

private static var agentURL:String = "https://myweb.com/agent.php";
private function sendRequest():void
{
  var service:HTTPService = new HTTPService();
  service.resultFormat = "e4x";
  service.useProxy = false;
  service.method = "POST";
  service.url = agentURL;
  var params:Object = new Object();
  params.myurl = "https://www.us8.api.mailchimp.com/2.0/lists/members.json?apikey=XXXXX&id=XXX";
  service.send(params);
}
/*some listeners for Result and Fault response */

So next code is for file agent.php

<?php
set_time_limit(100);

$url = $_POST['myurl'];

try
{
    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); 
    curl_setopt($curl, CURLOPT_POST, true);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);

    $result = curl_exec($curl);

    if (curl_errno($curl)) {
        print "CError: " . curl_error($curl); 
    } else { 
        print($result); 
        curl_close($curl); 
    }
}
catch(Exception $e)
{
    print '<message>' . $e->getMessage() . '</message>';
}
finally
{
    curl_close($curl);
}
?>