I've put together an example that pretty clearly illustrates this issue. This code is basically taken from the example code for the Gigya Wildfire widget. When the Gigya widget loads one of the things it does is reach out to the main Application in order to get it's config params. Although Gigya's methods aren't what I'd call best practices, it does conveniently illustrate the issue I encountered. so...
Steps to reproduce: 1. Create a new project with the code below 2. Publish the project in debug mode ( you should not see any security warnings ) 3. Enable Framework Caching by selecting 'Framework Linkage: Runtime shared library (RSL)' 4. Again publish the project in debug mode. You'll now get the following error: SecurityError: Error #2047: Security sandbox violation: parent: http://cdn.gigya.com/wildfire/swf/wildfireInAS3.swf?ModuleID=cfg cannot access file://localhost/Users/thejamie/Documents/clientzerows/Security-Test/bin-debug/main.swf/[[DYNAMIC]]/1. at flash.display::DisplayObject/get parent() at WildfireInAS3_fla::MainTimeline/frame1() Note: I'm using framework_3.0.0.477.swz. I haven't tested this earlier versions of the framework main.mxml: <?xml version="1.0" encoding="utf-8"?> <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml"; layout="absolute" applicationComplete="handleAppComplete();"> <mx:Script> <![CDATA[ public var cfg:Object = {}; public function handleAppComplete():void { WFInit(); } public function WFInit():void { Security.allowDomain("cdn.gigya.com"); Security.allowInsecureDomain("cdn.gigya.com"); //This code assigns the configurations you set in our site to the Wildfire configuration object cfg['width']='400'; cfg['height']='300'; cfg['partner']='186912'; cfg['UIConfig']='<config><display showEmail="true" showBookmark="true"></display></config>';; // Please set up the content to be posted cfg['defaultContent']= ''; // <-- YOUR EMBED CODE GOES HERE // set up an event handler for the postProfile event, this is called when the used completed the proccess of posting to his profile. cfg['onPostProfile']=function(eventObj:Object):void{ trace('event fired eventObj.type='+eventObj.type + ' eventObj.network='+eventObj.network +' eventObj.partnerData='+eventObj.partnerData); } // set up an event handler for the onLoad event, this is called when the Wildfire UI is loaded. cfg['onLoad']=function(eventObj:Object):void{ trace('event fired eventObj.type='+eventObj.type + 'eventObj.ModuleID='+eventObj.ModuleID); } // set up an event handler for the onClose event, this is called when the Wildfire UI is closed. cfg['onClose']=function(eventObj:Object):void{ //add here code to hide var wfmc1:MovieClip = wfLoader.content as MovieClip; wfmc1.visible=false; } if (wfLoader.content==null) { // Load Wildfire wfLoader.load('http://cdn.gigya.com/wildfire/swf/wildfireInAS3.swf?ModuleID=cfg'); } else { var wfmc:MovieClip = wfLoader.content as MovieClip; wfmc.visible=true; wfmc.INIT(); } } ]]></mx:Script> <mx:SWFLoader x="78" y="149" id="wfLoader"/> </mx:Application> On Thu, Jul 3, 2008 at 11:53 AM, Alex Harui <[EMAIL PROTECTED]> wrote: > Can you put together a mini-example of the issue so we can see more > specifics? > > > > ________________________________ > > From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On > Behalf Of Jamie S > Sent: Thursday, July 03, 2008 11:48 AM > To: flexcoders@yahoogroups.com > Subject: [flexcoders] Framework Caching Affecting Security Settings? > > > > Does Framework Caching affect the security settings? > > I was banging my head against a wall because my app was throwing > security violations all over the place when an outside swf ( or > JavaScript ) tried to access the main app. I was using > Security.allowDomain("*") but it was being ignored completely. I > turned framework caching off and everything worked again. > > What is the connection? How can I use framework caching and still keep > my security settings intact? > > Jamie > >
