Modules are a Flex thing and require applicationdomain sharing, so loading a swf directly from the internet into a local sandbox won't work. Folks run into this snag on AiR all the time and have used URLLoader to load the SWF as a ByteArray and then use loadBytes to load the Module. Flex 3.2 ModuleManager added a loadbytes() API.
However, the security model for the loadbytes'd SWF may vary from what you'll get when deployed so it isn't clear to me that doing this will actually save developer productivity. I'll make one last pitch for loading the SWF via http:. It isn't clear to me why you can't do that, and if you get that working, you'll be testing in the final security environment. For us it doesn't require copying the SWF to a remote server, we just run a web-server for http://localhost If you don't need modules and want to use sub-applications, Flex 3.2 implements the Marshal Plan which allows untrusted sub-applications to work with Flex so you could load an untrusted SWF directly from the internet. See the opensource documentation and my blog for info about Marshal Plan and its limitations (nothing is free). From: [email protected] [mailto:[email protected]] On Behalf Of hughesmatt78 Sent: Sunday, December 21, 2008 3:44 PM To: [email protected] Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module I appreciate that we aren't replicating the true production environment and I'm actually trying to figure out a way to do testing from the server while maintaining developer productivity, but the question remains: Does Flash player allow a Application SWF hosted by the filesystem load a module hosted over HTTP? If so, what needs to be changed with my very basic example code in the original message? --- In [email protected]<mailto:flexcoders%40yahoogroups.com>, Alex Harui <aha...@...> wrote: > > Our automated testing harness launches the app in a browser at http://localhost:xxxx/foo.html so it runs in the deployed security environment. Otherwise, we always find surprises when we finally do deploy. If your final config is to deploy over http, I would find a way to do that from your harness. > > From: [email protected]<mailto:flexcoders%40yahoogroups.com> > [mailto:[email protected]<mailto:flexcoders%40yahoogroups.com>] On Behalf Of hughesmatt78 > Sent: Saturday, December 20, 2008 6:11 AM > To: [email protected]<mailto:flexcoders%40yahoogroups.com> > Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on filesystem (SWF is not a loadable module > > > I understand it's not a common configuration and I don't plan on > deploying my modules like this. The reason I want a local Application > SWF to load a remote module SWF is because I need to run my > integration tests on my local machine. The tests run against the web > application that serves the module SWFs. However, even though they > are both on my machine, the Application SWF loads from the filesystem, > whereas the modules are loaded from http://localhost. > > So to recap, I've tried running with localTrusted, > localWithNetworking. I have the most permissive crossdomain.xml on > the server where the modules live. I've tried several different > permutations of setting the ApplicationDomain. I've even tried > setting the SecurityDomain as I said in my previous post though > apparently a local SWF is just not allowed to do that. > > I did see something very briefly mentioned in the Adobe Flash Player > docs about setting DisableLocalSecurity/EnableLocalSecurity API calls > but I believe those are API calls of the player, not of the SDK and I > haven't figured out how I could call those methods on the plugin in > Firefox. > > Any other ideas? The Adobe docs really do indicate that this > configuration is possible yet I have yet to see anywhere where someone > has got this working. Am I chasing something that can't be done? Are > the docs wrong (see my initial post in this thread)? > > --- In [email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com>, Alex Harui <aharui@> wrote: > > > > I was unclear you needed to load from different domains. I don't > know how you would get your current configuration to work when > deployed over HTTP unless the module and main swf were on the same > domain, and in such a case, relative URLs would be better. > > > > I think you are caught in one of those scenarios I described. In > order to use cross-domain modules, you need to set > SecurityDomain.currentDomain and thus can only test when deployed over > HTTP. For security reasons, cross-domain modules is not a common > configuration. > > > > From: [email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com> [mailto:[email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com>] > On Behalf Of hughesmatt78 > > Sent: Monday, December 15, 2008 11:59 AM > > To: > > [email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com> > > Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on > filesystem (SWF is not a loadable module > > > > > > How could I use relative URLs when I am purposely loading from a > > different domain. Again, I need to run the Application SWF from the > > filesystem and load the module from http://localhost (or some other > > domain). > > > > As far as setting the SecurityDomain.currentDomain, I have tried doing > > that, only to get this error: > > > > SecurityError: Error #2142: Security sandbox violation: local SWF > > files cannot use the LoaderContext.securityDomain property. > > > file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf<file:///\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf><file:///<file:///\\>\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf><file:///<file:///\\><file:///<file:///\\>\\>\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf> > > was attempting to load http://localhost/SimpleModuleProject.swf. > > at flash.display::Loader/_load() > > at flash.display::Loader/load() > > at > > > ModuleInfo/load()[E:\dev\3.1.0\frameworks\projects\framework\src\mx\modules\ModuleManager.as:431] > > at > > > ModuleInfoProxy/load()[E:\dev\3.1.0\frameworks\projects\framework\src\mx\modules\ModuleManager.as:986] > > > > --- In > [email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com>, Alex > Harui <aharui@> wrote: > > > > > > Typically, you want to test in local-trusted instead of > > local-with-networking and use relative paths to all assets (and have > > those assets in the local filesystem). Then when you deploy those > > files to a server in the same folder configuration, everything should > > just work. > > > > > > If you use an absolute path, then in local-trusted it is seen as a > > foreign domain, and by default modules will not work unless you set > > the SecurityDomain.currentDomain on the module loader. However, that > > will still set up a different "topology of trust" than when you deploy > > and the loading app is on the same server as the module. > > > > > > So, only use absolute paths if you'll always be loading the module > > from a different domain. There might be issues using > > SecurityDomain.currentDomain in local-trusted sandboxes. You can > > sometimes get yourself into configurations that can only be tested > > while deployed and served over http: > > > > > > From: > [email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com> > [mailto:[email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com>] > > On Behalf Of hughesmatt78 > > > Sent: Monday, December 15, 2008 7:33 AM > > > To: [email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com> > > > Subject: [flexcoders] Re: Loading network SWFs from SWF hosted on > > filesystem (SWF is not a loadable module > > > > > > > > > My sandbox type is local-trusted. According to the Flash Security > > > white paper, local-trusted has *at least* the priviledges of > > > local-with-networking. > > > > > > "localWithNetwork: This SWF file is a local file and has not been > > > trusted by the user, but it was > > > published with a networking designation. This SWF may communicate with > > > the Internet but may not > > > read from local data sources. > > > localTrusted: This SWF file is a local file and has been trusted by > > > the user, using either the > > > Settings Manager or a FlashPlayerTrust configuration file. This SWF > > > file may both read from local > > > data sources and communicate with the Internet. > > > " > > > > > > I did change it to local-with-networking, but I get the same error: > > > > > > Finished loading crossdomain. > > > <?xml version="1.0"?> > > > <cross-domain-policy> > > > <allow-access-from domain="*" /> > > > </cross-domain-policy> > > > > > > [SWF] /SimpleModuleProject.swf - 574,981 bytes after decompression > > > *** Security Sandbox Violation *** > > > SecurityDomain > > > > > > 'file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf<file:///\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf><file:///<file:///\\>\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf><file:///<file:///\\><file:///<file:///\\>\\>\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf><file:///<file:///\\><file:///<file:///\\>\\><file:///<file:///\\><file:///<file:///\\>\\>\\>\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf>' > > > tried to access incompatible context > 'http://localhost/crossdomain.xml' > > > *** Security Sandbox Violation *** > > > SecurityDomain > > > > > > 'file://localhost/Users/mhughes/work/ccad/workspace/AwesomeProject/bin-debug/AwesomeProject.swf<file:///\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf><file:///<file:///\\>\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf><file:///<file:///\\><file:///<file:///\\>\\>\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf><file:///<file:///\\><file:///<file:///\\>\\><file:///<file:///\\><file:///<file:///\\>\\>\\>\\localhost\Users\mhughes\work\ccad\workspace\AwesomeProject\bin-debug\AwesomeProject.swf>' > > > tried to access incompatible context > 'http://localhost/crossdomain.xml' > > > Failed to load module > > > SWF is not a loadable module > > > > > > Any ideas? > > > > > > --- In > > > [email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com>, > Alex > > Harui <aharui@> wrote: > > > > > > > > Check your sandboxType. I'll bet it is local-trusted and not > > > local-with-networking. > > > > > > > > From: > > > [email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com> > > > [mailto:[email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com>] > > > On Behalf Of hughesmatt78 > > > > Sent: Saturday, December 13, 2008 11:33 AM > > > > To: > [email protected]<mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com><mailto:flexcoders%40yahoogroups.com> > > > > Subject: [flexcoders] Loading network SWFs from SWF hosted on > > > filesystem (SWF is not a loadable module > > > > > > > > > > > > I'm trying so far in vain to load a module from a network domain > from > > > > a SWF that was loaded via the filesystem. Every time I try and load > > > > the module, I get the following error: > > > > > > > > "SWF is not a loadable module." > > > > > > > > I have seen this same problem discussed elsewhere on FlexCoders and > > > > other blogs but I am getting very conflicting views. Some people say > > > > this kind of module loading is not supported > > > > (http://www.nabble.com/Problems-using-Flex-modules-td15188446.html) > > > > but the Adobe Flash Player 9 Security white paper clearly > indicate it > > > > is possible: > > > > > > > > "A SWF file may also call Security.allowDomain() with the wildcard > > > > parameter "*" to allow any domain. > > > > This is necessary to allow a local-with-networking SWF file to > > > > cross-script a network SWF file." > > > > > > > > Anyway, off to the example project I created. Here are two very > basic > > > > mxmls. > > > > > > > > TestApplication.mxml -- (loaded via file system, this attempts > to load > > > > a simple module hosted at localhost) > > > > <?xml version="1.0" encoding="utf-8"?> > > > > <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml"; > > > > layout="vertical" initialize="init()"> > > > > <mx:Script> > > > > <![CDATA[ > > > > import mx.events.ModuleEvent; > > > > private function init() : void > > > > { > > > > Security.allowDomain("localhost"); > > > > > > > > Security.loadPolicyFile("http://localhost/crossdomain.xml";); > > > > > > > > var loader:URLLoader = new URLLoader(); > > > > loader.addEventListener(Event.COMPLETE, function(event > > > > : Event) { > > > > trace("Finished loading crossdomain."); > > > > trace(loader.data); > > > > }); > > > > loader.load(new > > > > URLRequest("http://localhost/crossdomain.xml";)); > > > > } > > > > > > > > private function erroredOut(event : ModuleEvent) : void > > > > { > > > > trace(event.errorText); > > > > } > > > > > > > > private function loadIt() : void > > > > { > > > > loaderOfModules.url = "http://localhost/SimpleModule.swf";; > > > > } > > > > ]]> > > > > </mx:Script> > > > > > > > > <mx:Button click="loadIt()" label="Load module from localhost" /> > > > > > > > > <!-- Sandbox type reads local-trusted --> > > > > <mx:Text text="{Security.sandboxType}" /> > > > > <mx:ModuleLoader id="loaderOfModules" width="100%" height="500" > > > > error="erroredOut(event)" > > > > applicationDomain="{ApplicationDomain.currentDomain}"/> > > > > </mx:Application> > > > > > > > > SimpleModule.mxml (the module hosted at localhost) > > > > <?xml version="1.0" encoding="utf-8"?> > > > > <mx:Module xmlns:mx="http://www.adobe.com/2006/mxml"; > > > > initialize="Security.allowDomain('*')" > > > > > <mx:Text text="Hi there" /> > > > > </mx:Module> > > > > > > > > And the crossdomain.xml file hosted at localhost. (Although > according > > > > to some Adobe docs, this file is not even needed to do > crossscripting, > > > > only for loading data.) > > > > <?xml version="1.0"?> > > > > <cross-domain-policy> > > > > <allow-access-from domain="*" /> > > > > </cross-domain-policy> > > > > > > > > Note that I can get this example to work fine if I host the > > > > Application SWF from one network domain and load the module from > > > > another network domain without changing a thing. I only get the > error > > > > when the loading SWF is hosted on the filesystem. Also note that the > > > > Application.swf is in a folder designated as locally trusted and I > > > > confirm this by looking at the Security.sandboxType variable at > > runtime. > > > > > > > > I am using Flex 3 and running this with Flash Player 9 debugger > > version. > > > > > > > > So my questions are: > > > > > > > > * Is this scenario even supported? If not, what's with the > > > > documentation I quoted from Adobe above? If yes, what am I missing? > > > > * And do crossdomain.xml files even used when doing crossscripting? > > > > Or are they just often conflated with module loading because you > often > > > > load modules and data from the same server? > > > > > > > > > >
