I appreciate that we aren't replicating the true production environment and I'm actually trying to figure out a way to do testing from the server while maintaining developer productivity, but the question remains:
Does Flash player allow a Application SWF hosted by the filesystem load a module hosted over HTTP? If so, what needs to be changed with my very basic example code in the original message? --- In [email protected], Alex Harui <aha...@...> wrote: > > Our automated testing harness launches the app in a browser at http://localhost:xxxx/foo.html so it runs in the deployed security environment. Otherwise, we always find surprises when we finally do deploy. If your final config is to deploy over http, I would find a way to do that from your harness. > > From: [email protected] [mailto:[email protected]] On Behalf Of hughesmatt78 > Sent: Saturday, December 20, 2008 6:11 AM > To: [email protected] > Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module > > > I understand it's not a common configuration and I don't plan on > deploying my modules like this. The reason I want a local Application > SWF to load a remote module SWF is because I need to run my > integration tests on my local machine. The tests run against the web > application that serves the module SWFs. However, even though they > are both on my machine, the Application SWF loads from the filesystem, > whereas the modules are loaded from http://localhost. > > So to recap, I've tried running with localTrusted, > localWithNetworking. I have the most permissive crossdomain.xml on > the server where the modules live. I've tried several different > permutations of setting the ApplicationDomain. I've even tried > setting the SecurityDomain as I said in my previous post though > apparently a local SWF is just not allowed to do that. > > I did see something very briefly mentioned in the Adobe Flash Player > docs about setting DisableLocalSecurity/EnableLocalSecurity API calls > but I believe those are API calls of the player, not of the SDK and I > haven't figured out how I could call those methods on the plugin in > Firefox. > > Any other ideas? The Adobe docs really do indicate that this > configuration is possible yet I have yet to see anywhere where someone > has got this working. Am I chasing something that can't be done? Are > the docs wrong (see my initial post in this thread)? > > --- In [email protected]<mailto:flexcoders%40yahoogroups.com>, Alex Harui <aharui@> wrote: > > > > I was unclear you needed to load from different domains. I don't > know how you would get your current configuration to work when > deployed over HTTP unless the module and main swf were on the same > domain, and in such a case, relative URLs would be better. > > > > I think you are caught in one of those scenarios I described. In > order to use cross-domain modules, you need to set > SecurityDomain.currentDomain and thus can only test when deployed over > HTTP. For security reasons, cross-domain modules is not a common > configuration. > > > > From: [email protected]<mailto:flexcoders%40yahoogroups.com> [mailto:[email protected]<mailto:flexcoders%40yahoogroups.com>] > On Behalf Of hughesmatt78 > > Sent: Monday, December 15, 2008 11:59 AM > > To: [email protected]<mailto:flexcoders%40yahoogroups.com> > > Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on > filesystem (SWF is not a loadable module > > > > > > How could I use relative URLs when I am purposely loading from a > > different domain. Again, I need to run the Application SWF from the > > filesystem and load the module from http://localhost (or some other > > domain). > > > > As far as setting the SecurityDomain.currentDomain, I have tried doing > > that, only to get this error: > > > > SecurityError: Error #2142: Security sandbox violation: local SWF > > files cannot use the LoaderContext.securityDomain property. > > > file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf<file:///\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf><file:///<file:///\\>\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf> > > was attempting to load http://localhost/SimpleModuleProject.swf. > > at flash.display::Loader/_load() > > at flash.display::Loader/load() > > at > > > ModuleInfo/load()[E:\dev\3.1.0\frameworks\projects\framework\src\mx\modules\ModuleManager.as:431] > > at > > > ModuleInfoProxy/load()[E:\dev\3.1.0\frameworks\projects\framework\src\mx\modules\ModuleManager.as:986] > > > > --- In > [email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com>, Alex > Harui <aharui@> wrote: > > > > > > Typically, you want to test in local-trusted instead of > > local-with-networking and use relative paths to all assets (and have > > those assets in the local filesystem). Then when you deploy those > > files to a server in the same folder configuration, everything should > > just work. > > > > > > If you use an absolute path, then in local-trusted it is seen as a > > foreign domain, and by default modules will not work unless you set > > the SecurityDomain.currentDomain on the module loader. However, that > > will still set up a different "topology of trust" than when you deploy > > and the loading app is on the same server as the module. > > > > > > So, only use absolute paths if you'll always be loading the module > > from a different domain. There might be issues using > > SecurityDomain.currentDomain in local-trusted sandboxes. You can > > sometimes get yourself into configurations that can only be tested > > while deployed and served over http: > > > > > > From: > [email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com> > [mailto:[email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com>] > > On Behalf Of hughesmatt78 > > > Sent: Monday, December 15, 2008 7:33 AM > > > To: [email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com> > > > Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on > > filesystem (SWF is not a loadable module > > > > > > > > > My sandbox type is local-trusted. According to the Flash Security > > > white paper, local-trusted has *at least* the priviledges of > > > local-with-networking. > > > > > > "localWithNetwork: This SWF file is a local file and has not been > > > trusted by the user, but it was > > > published with a networking designation. This SWF may communicate with > > > the Internet but may not > > > read from local data sources. > > > localTrusted: This SWF file is a local file and has been trusted by > > > the user, using either the > > > Settings Manager or a FlashPlayerTrust configuration file. This SWF > > > file may both read from local > > > data sources and communicate with the Internet. > > > " > > > > > > I did change it to local-with-networking, but I get the same error: > > > > > > Finished loading crossdomain. > > > <?xml version="1.0"?> > > > <cross-domain-policy> > > > <allow-access-from domain="*" /> > > > </cross-domain-policy> > > > > > > [SWF] /SimpleModuleProject.swf - 574,981 bytes after decompression > > > *** Security Sandbox Violation *** > > > SecurityDomain > > > > > > 'file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf<file:///\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf><file:///<file:///\\>\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf><file:///<file:///\\><file:///<file:///\\>\\>\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf>' > > > tried to access incompatible context > 'http://localhost/crossdomain.xml' > > > *** Security Sandbox Violation *** > > > SecurityDomain > > > > > > 'file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf<file:///\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf><file:///<file:///\\>\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf><file:///<file:///\\><file:///<file:///\\>\\>\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf>' > > > tried to access incompatible context > 'http://localhost/crossdomain.xml' > > > Failed to load module > > > SWF is not a loadable module > > > > > > Any ideas? > > > > > > --- In > > > [email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com>, > Alex > > Harui <aharui@> wrote: > > > > > > > > Check your sandboxType. I'll bet it is local-trusted and not > > > local-with-networking. > > > > > > > > From: > > > [email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com> > > > [mailto:[email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com>] > > > On Behalf Of hughesmatt78 > > > > Sent: Saturday, December 13, 2008 11:33 AM > > > > To: > [email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com> > > > > Subject: [flexcoders] Loading network SWFs from SWF hosted on > > > filesystem (SWF is not a loadable module > > > > > > > > > > > > I'm trying so far in vain to load a module from a network domain > from > > > > a SWF that was loaded via the filesystem. Every time I try and load > > > > the module, I get the following error: > > > > > > > > "SWF is not a loadable module." > > > > > > > > I have seen this same problem discussed elsewhere on FlexCoders and > > > > other blogs but I am getting very conflicting views. Some people say > > > > this kind of module loading is not supported > > > > (http://www.nabble.com/Problems-using-Flex-modules-td15188446.html) > > > > but the Adobe Flash Player 9 Security white paper clearly > indicate it > > > > is possible: > > > > > > > > "A SWF file may also call Security.allowDomain() with the wildcard > > > > parameter "*" to allow any domain. > > > > This is necessary to allow a local-with-networking SWF file to > > > > cross-script a network SWF file." > > > > > > > > Anyway, off to the example project I created. Here are two very > basic > > > > mxmls. > > > > > > > > TestApplication.mxml -- (loaded via file system, this attempts > to load > > > > a simple module hosted at localhost) > > > > <?xml version="1.0" encoding="utf-8"?> > > > > <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml"; > > > > layout="vertical" initialize="init()"> > > > > <mx:Script> > > > > <![CDATA[ > > > > import mx.events.ModuleEvent; > > > > private function init() : void > > > > { > > > > Security.allowDomain("localhost"); > > > > > > > > Security.loadPolicyFile("http://localhost/crossdomain.xml";); > > > > > > > > var loader:URLLoader = new URLLoader(); > > > > loader.addEventListener(Event.COMPLETE, function(event > > > > : Event) { > > > > trace("Finished loading crossdomain."); > > > > trace(loader.data); > > > > }); > > > > loader.load(new > > > > URLRequest("http://localhost/crossdomain.xml";)); > > > > } > > > > > > > > private function erroredOut(event : ModuleEvent) : void > > > > { > > > > trace(event.errorText); > > > > } > > > > > > > > private function loadIt() : void > > > > { > > > > loaderOfModules.url = "http://localhost/SimpleModule.swf";; > > > > } > > > > ]]> > > > > </mx:Script> > > > > > > > > <mx:Button click="loadIt()" label="Load module from localhost" /> > > > > > > > > <!-- Sandbox type reads local-trusted --> > > > > <mx:Text text="{Security.sandboxType}" /> > > > > <mx:ModuleLoader id="loaderOfModules" width="100%" height="500" > > > > error="erroredOut(event)" > > > > applicationDomain="{ApplicationDomain.currentDomain}"/> > > > > </mx:Application> > > > > > > > > SimpleModule.mxml (the module hosted at localhost) > > > > <?xml version="1.0" encoding="utf-8"?> > > > > <mx:Module xmlns:mx="http://www.adobe.com/2006/mxml"; > > > > initialize="Security.allowDomain('*')" > > > > > <mx:Text text="Hi there" /> > > > > </mx:Module> > > > > > > > > And the crossdomain.xml file hosted at localhost. (Although > according > > > > to some Adobe docs, this file is not even needed to do > crossscripting, > > > > only for loading data.) > > > > <?xml version="1.0"?> > > > > <cross-domain-policy> > > > > <allow-access-from domain="*" /> > > > > </cross-domain-policy> > > > > > > > > Note that I can get this example to work fine if I host the > > > > Application SWF from one network domain and load the module from > > > > another network domain without changing a thing. I only get the > error > > > > when the loading SWF is hosted on the filesystem. Also note that the > > > > Application.swf is in a folder designated as locally trusted and I > > > > confirm this by looking at the Security.sandboxType variable at > > runtime. > > > > > > > > I am using Flex 3 and running this with Flash Player 9 debugger > > version. > > > > > > > > So my questions are: > > > > > > > > * Is this scenario even supported? If not, what's with the > > > > documentation I quoted from Adobe above? If yes, what am I missing? > > > > * And do crossdomain.xml files even used when doing crossscripting? > > > > Or are they just often conflated with module loading because you > often > > > > load modules and data from the same server? > > > > > > > > > >
