Cross-domain access and #2048 security sandbox error issues in Flex

Source: Internet
Author: User
Tags server port

I encountered a Flex program Access Java program WebService call external Weather Report no error, but call local WebService program error sandbox conflict 2048 Read this article to understand how to solve.

1, the problem description

After the Flash is published in HTML format, the SWF cannot communicate with the server after loading the page. The error displayed by the Flash end is:

Securityerrorhandler information: [Securityerrorevent type= "Securityerror" Bubbles=false cancelable=false eventPhase=2 "text=" Error #2048 "]

The information displayed on the server side is attempted by the client to connect, but the data cannot be accepted. The accepted data is displayed as null.

2. Problem Reason:

The latest Flash Player 9.0.124.0, when the Flash file to do socket communication, you need to get crossdomain.xml files to the server side. A client cannot connect to the server if it is not found.

learn about the three processes that flash initiates socket communications

When the package in the flash of the page to initiate socket communication request will first look for the server port 843, get crossdomain.xml file, when the server does not open 843, Flashplayer checks to make a policy file loaded using Security.loadpolicyfile in the SWF file that originated the request Crossdomain.xml, if you don't, you'll see this. The requesting SWF has a policy file on the destination port to connect to. If there is no such connection failure, return the error prompt as above.

why the old version of Flash Player does not have this problem.

Read some of the official information. Previous Flash Player has shared a security policy file, whether you use URLRequest HTTP requests or Xmlsocket sockets. This policy file is as long as you put it in the primary domain directory. And now the policy file if you use the HTTP request method then need to put the policy file under the directory, if you use the socket request method must be through the socket port to receive the policy file.


The corresponding call is in the following ways:

HTTP request--"Security.loadpolicyfile" ("Http://www.xxx.com/crossdomain.xml")

Socket or Xmlsocket request--"Security.loadpolicyfile" ("Xmlsocket://www.xxx.com:port")


How to send a Socke policy file to flash Player
Before your socket.connect ("domain") runs, Flash Player will follow the three procedures described above to your socket server's 843 ports (it is said that Adobe has requested the relevant regulatory authority to retain 843 ports to flash Player to send a string "<policy-file-request/>", this time if you have a service after listening to the 843 port to receive this string, directly in the XML format to send back the policy file is resolved. (Note that when you send back, remember to add a cutoff character "/0")


Of course, you can not use the 843 port to set a port yourself. Because Flash Player does not get information on port 843, you can define your own port by checking whether you have added the specified access channel to your Flash file. But this time you can't use the HTTP method, but use the Xmlsocket way. (equivalent to automatically help you create a new Xmlsocket object, and then link to the host and port you specify). For example, you want to use 1234 port can add this sentence in your flash security.loadpolicyfile ("xmlsocket://www.xxx.com:1234"), you need to pay attention to this sentence to add in your Socket.connect Front.

One last option is to listen for this request on your socket connection port. For example, if you are using Socket.connect ("192.168.1.100", 8888), add a section of code that receives the string "<policy-file-request/>" in your server, The policy text is sent to the client in XML format when the string is received.

Of course you can set the global security setting in Flash to set permissions. Right-click the--> global setting on your SWF file

Open the site Flashplayer help site,--> Click the "Global security Settings" Panel on the left to add your files or folders to the files that always trust the location.

about the format of the policy file (which can be found in Flash Player security in Flash CS3 help--"Control Rights overview")

1. Policy files for Web applications

The following example shows a policy file that allows access to SWF files originating from *.iflashigame.com and 192.0.34.166.

<?xml version= "1.0"?> <cross-domain-policy> <allow-access-from domain= "*.iflashigame.com"/> < Allow-access-from domain= "192.0.34.166"/> </cross-domain-policy>
Precautions:

By default, the policy file must be named Crossdomain.xml and must be located in the root directory of the server. However, the SWF file can check for other names or in other directories by calling the Security.loadpolicyfile () method. Cross-domain policy files apply only to the directory from which the file is loaded and its subdirectories. Therefore, the policy files in the root directory apply to the entire server, but the policy files loaded from any subdirectory apply only to that directory and its subdirectories.

The policy file affects only access to the specific server to which it resides. For example, a policy file located in Https://www.adobe.com:8080/crossdomain.xml applies only to data load calls that are made to www.adobe.com on port 8080 through HTTPS.


2, for the socket policy file

<cross-domain-policy> <allow-access-from domain= "*" to-ports= "507/> <allow-access-from domain=" *. example.com "to-ports=" 507,516 "/> <allow-access-from domain=" *.example2.com "to-ports=" 516-523 "/> < Allow-access-from domain= "www.example2.com" to-ports= "507,516-523"/> <allow-access-from domain= " Www.example3.com "to-ports=" * "/> </cross-domain-policy>

Here is an example to describe the communication between flex and twisted and the problem of resolving cross-domain

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.