I understand it's not a common configuration and I don't plan on deploying my modules like this. The reason I want a local Application SWF to load a remote module SWF is because I need to run my integration tests on my local machine. The tests run against the web application that serves the module SWFs. However, even though they are both on my machine, the Application SWF loads from the filesystem, whereas the modules are loaded from http://localhost.
So to recap, I've tried running with localTrusted, localWithNetworking. I have the most permissive crossdomain.xml on the server where the modules live. I've tried several different permutations of setting the ApplicationDomain. I've even tried setting the SecurityDomain as I said in my previous post though apparently a local SWF is just not allowed to do that. I did see something very briefly mentioned in the Adobe Flash Player docs about setting DisableLocalSecurity/EnableLocalSecurity API calls but I believe those are API calls of the player, not of the SDK and I haven't figured out how I could call those methods on the plugin in Firefox. Any other ideas? The Adobe docs really do indicate that this configuration is possible yet I have yet to see anywhere where someone has got this working. Am I chasing something that can't be done? Are the docs wrong (see my initial post in this thread)? --- In [email protected], Alex Harui <aha...@...> wrote: > > I was unclear you needed to load from different domains. I don't know how you would get your current configuration to work when deployed over HTTP unless the module and main swf were on the same domain, and in such a case, relative URLs would be better. > > I think you are caught in one of those scenarios I described. In order to use cross-domain modules, you need to set SecurityDomain.currentDomain and thus can only test when deployed over HTTP. For security reasons, cross-domain modules is not a common configuration. > > From: [email protected] [mailto:[email protected]] On Behalf Of hughesmatt78 > Sent: Monday, December 15, 2008 11:59 AM > To: [email protected] > Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module > > > How could I use relative URLs when I am purposely loading from a > different domain. Again, I need to run the Application SWF from the > filesystem and load the module from http://localhost (or some other > domain). > > As far as setting the SecurityDomain.currentDomain, I have tried doing > that, only to get this error: > > SecurityError: Error #2142: Security sandbox violation: local SWF > files cannot use the LoaderContext.securityDomain property. > file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf<file:///\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf> > was attempting to load http://localhost/SimpleModuleProject.swf. > at flash.display::Loader/_load() > at flash.display::Loader/load() > at > ModuleInfo/load()[E:\dev\3.1.0\frameworks\projects\framework\src\mx\modules\ModuleManager.as:431] > at > ModuleInfoProxy/load()[E:\dev\3.1.0\frameworks\projects\framework\src\mx\modules\ModuleManager.as:986] > > --- In [email protected]<mailto:flexcoders%40yahoogroups.com>, Alex Harui <aharui@> wrote: > > > > Typically, you want to test in local-trusted instead of > local-with-networking and use relative paths to all assets (and have > those assets in the local filesystem). Then when you deploy those > files to a server in the same folder configuration, everything should > just work. > > > > If you use an absolute path, then in local-trusted it is seen as a > foreign domain, and by default modules will not work unless you set > the SecurityDomain.currentDomain on the module loader. However, that > will still set up a different "topology of trust" than when you deploy > and the loading app is on the same server as the module. > > > > So, only use absolute paths if you'll always be loading the module > from a different domain. There might be issues using > SecurityDomain.currentDomain in local-trusted sandboxes. You can > sometimes get yourself into configurations that can only be tested > while deployed and served over http: > > > > From: [email protected]<mailto:flexcoders%40yahoogroups.com> [mailto:[email protected]<mailto:flexcoders%40yahoogroups.com>] > On Behalf Of hughesmatt78 > > Sent: Monday, December 15, 2008 7:33 AM > > To: [email protected]<mailto:flexcoders%40yahoogroups.com> > > Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on > filesystem (SWF is not a loadable module > > > > > > My sandbox type is local-trusted. According to the Flash Security > > white paper, local-trusted has *at least* the priviledges of > > local-with-networking. > > > > "localWithNetwork: This SWF file is a local file and has not been > > trusted by the user, but it was > > published with a networking designation. This SWF may communicate with > > the Internet but may not > > read from local data sources. > > localTrusted: This SWF file is a local file and has been trusted by > > the user, using either the > > Settings Manager or a FlashPlayerTrust configuration file. This SWF > > file may both read from local > > data sources and communicate with the Internet. > > " > > > > I did change it to local-with-networking, but I get the same error: > > > > Finished loading crossdomain. > > <?xml version="1.0"?> > > <cross-domain-policy> > > <allow-access-from domain="*" /> > > </cross-domain-policy> > > > > [SWF] /SimpleModuleProject.swf - 574,981 bytes after decompression > > *** Security Sandbox Violation *** > > SecurityDomain > > > 'file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf<file:///\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf><file:///<file:///\\>\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf>' > > tried to access incompatible context 'http://localhost/crossdomain.xml' > > *** Security Sandbox Violation *** > > SecurityDomain > > > 'file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf<file:///\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf><file:///<file:///\\>\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf>' > > tried to access incompatible context 'http://localhost/crossdomain.xml' > > Failed to load module > > SWF is not a loadable module > > > > Any ideas? > > > > --- In > [email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com>, Alex > Harui <aharui@> wrote: > > > > > > Check your sandboxType. I'll bet it is local-trusted and not > > local-with-networking. > > > > > > From: > [email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com> > [mailto:[email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com>] > > On Behalf Of hughesmatt78 > > > Sent: Saturday, December 13, 2008 11:33 AM > > > To: [email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com> > > > Subject: [flexcoders] Loading network SWFs from SWF hosted on > > filesystem (SWF is not a loadable module > > > > > > > > > I'm trying so far in vain to load a module from a network domain from > > > a SWF that was loaded via the filesystem. Every time I try and load > > > the module, I get the following error: > > > > > > "SWF is not a loadable module." > > > > > > I have seen this same problem discussed elsewhere on FlexCoders and > > > other blogs but I am getting very conflicting views. Some people say > > > this kind of module loading is not supported > > > (http://www.nabble.com/Problems-using-Flex-modules-td15188446.html) > > > but the Adobe Flash Player 9 Security white paper clearly indicate it > > > is possible: > > > > > > "A SWF file may also call Security.allowDomain() with the wildcard > > > parameter "*" to allow any domain. > > > This is necessary to allow a local-with-networking SWF file to > > > cross-script a network SWF file." > > > > > > Anyway, off to the example project I created. Here are two very basic > > > mxmls. > > > > > > TestApplication.mxml -- (loaded via file system, this attempts to load > > > a simple module hosted at localhost) > > > <?xml version="1.0" encoding="utf-8"?> > > > <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml"; > > > layout="vertical" initialize="init()"> > > > <mx:Script> > > > <![CDATA[ > > > import mx.events.ModuleEvent; > > > private function init() : void > > > { > > > Security.allowDomain("localhost"); > > > > > > Security.loadPolicyFile("http://localhost/crossdomain.xml";); > > > > > > var loader:URLLoader = new URLLoader(); > > > loader.addEventListener(Event.COMPLETE, function(event > > > : Event) { > > > trace("Finished loading crossdomain."); > > > trace(loader.data); > > > }); > > > loader.load(new > > > URLRequest("http://localhost/crossdomain.xml";)); > > > } > > > > > > private function erroredOut(event : ModuleEvent) : void > > > { > > > trace(event.errorText); > > > } > > > > > > private function loadIt() : void > > > { > > > loaderOfModules.url = "http://localhost/SimpleModule.swf";; > > > } > > > ]]> > > > </mx:Script> > > > > > > <mx:Button click="loadIt()" label="Load module from localhost" /> > > > > > > <!-- Sandbox type reads local-trusted --> > > > <mx:Text text="{Security.sandboxType}" /> > > > <mx:ModuleLoader id="loaderOfModules" width="100%" height="500" > > > error="erroredOut(event)" > > > applicationDomain="{ApplicationDomain.currentDomain}"/> > > > </mx:Application> > > > > > > SimpleModule.mxml (the module hosted at localhost) > > > <?xml version="1.0" encoding="utf-8"?> > > > <mx:Module xmlns:mx="http://www.adobe.com/2006/mxml"; > > > initialize="Security.allowDomain('*')" > > > > <mx:Text text="Hi there" /> > > > </mx:Module> > > > > > > And the crossdomain.xml file hosted at localhost. (Although according > > > to some Adobe docs, this file is not even needed to do crossscripting, > > > only for loading data.) > > > <?xml version="1.0"?> > > > <cross-domain-policy> > > > <allow-access-from domain="*" /> > > > </cross-domain-policy> > > > > > > Note that I can get this example to work fine if I host the > > > Application SWF from one network domain and load the module from > > > another network domain without changing a thing. I only get the error > > > when the loading SWF is hosted on the filesystem. Also note that the > > > Application.swf is in a folder designated as locally trusted and I > > > confirm this by looking at the Security.sandboxType variable at > runtime. > > > > > > I am using Flex 3 and running this with Flash Player 9 debugger > version. > > > > > > So my questions are: > > > > > > * Is this scenario even supported? If not, what's with the > > > documentation I quoted from Adobe above? If yes, what am I missing? > > > * And do crossdomain.xml files even used when doing crossscripting? > > > Or are they just often conflated with module loading because you often > > > load modules and data from the same server? > > > > > >
