cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
Locked
0
Upvote

Security sandbox conflict when I Load atf by worker(flash player of Web browser)

blackAir
New Here ,
Oct 07, 2019 Oct 07, 2019

Copy link to clipboard

Copied

MainSwf:

private function loadWorker():void{
		Security.allowInsecureDomain("*");
	Security.allowDomain("*");
	var workerLoader:URLLoader = new URLLoader();
	workerLoader.dataFormat = URLLoaderDataFormat.BINARY;
	workerLoader.addEventListener(Event.COMPLETE, loadComplete);
	workerLoader.load(new URLRequest("workerSwf.swf"));
}

private function loadComplete(event:Event):void
{
	// create the background worker
	var workerBytes:ByteArray = event.target.data as ByteArray;
	var worker:Worker = WorkerDomain.current.createWorker(workerBytes, true);
	
	// listen for worker state changes to know when the worker is running
	worker.addEventListener(Event.WORKER_STATE, workerStateHandler);
	//build
	mainToWorker = Worker.current.createMessageChannel(worker);
	workerToMain = worker.createMessageChannel(Worker.current);
	
	//init worker name
	worker.setSharedProperty("mainToWorker", mainToWorker);
	worker.setSharedProperty("workerToMain", workerToMain);
	
	workerToMain.addEventListener(Event.CHANNEL_MESSAGE, onWorkerToMain);
	
	worker.start();
}

private function workerStateHandler(e:Event):void{
	_workerInit = true;
	mainToWorker.send(1);
}

 

workerSwf:

private function init():void{
	Security.allowInsecureDomain("*");
	Security.allowDomain("*");
	//init worker by name
	mainToWorker = Worker.current.getSharedProperty("mainToWorker");
	workerToMain = Worker.current.getSharedProperty("workerToMain");
	//addEventListener
	mainToWorker.addEventListener(Event.CHANNEL_MESSAGE, onMainToWorker);
}

public function onMainToWorker(event:Event):void {
	//load atf
	var loader:URLLoader = new URLLoader();
	loader.dataFormat = URLLoaderDataFormat.BINARY;
	var r:URLRequest = new URLRequest("1.atf");
	
	loader.load(r);/////   throw Error:Security sandbox conflict
	//SecurityError: Error #2148:
			// SWF file file:///D:/A/bin-debug/boot.swf Local resources cannot be accessed file:///D:/A/bin-debug/1.atf。
	//The Local resources can be accessed by the SWF of File system and  trusted Local SWF.
			//at flash.net::URLStream/load()
			//at flash.net::URLLoader/load()
	//
	
	loader.addEventListener(Event.COMPLETE, onComp);
	loader.addEventListener(IOErrorEvent.IO_ERROR, onErr);
	function onComp(e:Event):void{
		var bytes:ByteArray = loader.data as ByteArray;
		bytes.shareable = true;
		workerToMain.send(bytes);
	}
	function onErr(e:IOErrorEvent):void{
		workerToMain.send(0);
	}
}

Views

174

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 3 Replies 3
latest latest Jump to latest reply
jeromiec83223024 Adobe Employee
Adobe Employee ,
Oct 15, 2019 Oct 15, 2019

Copy link to clipboard

Copied

Loading files from the local filesystem is generally problematic.  If we were building a browser plug-in from scratch, we wouldn't allow it at all.

 

If you can, you're better off doing local development with a local webserver instead of loading your content off the local filesystem.  It *greatly* simplifies things, as you're not dealing with the local-with-filesystem/local-with-network considerations, and if you ever intend to publish the content to the web, you're building it with a whole different set of security considerations in effect.  The local webserver will prevent you from that category of nasty surprise.

 

Anyway, that said, it might be related to the EnableInsecureLocalWithFilesystem directive here: 

https://www.adobe.com/content/dam/acom/en/devnet/flashplayer/articles/flash_player_admin_guide/pdf/l...

 

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
blackAir
New Here ,
Oct 18, 2019 Oct 18, 2019

Copy link to clipboard

Copied

In Response To jeromiec83223024
Thank you very much for your reply!Not being able to debug with local resources is a hassle.Because his error message can be authorized, I think it should be through some kind of Settings to achieve the purpose of allowing access.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
jeromiec83223024 Adobe Employee
Adobe Employee ,
Oct 22, 2019 Oct 22, 2019

Copy link to clipboard

Copied

LATEST

It gets sticky because both modern browsers and Flash both more aggressively restrict access to the local filesystem.  There are some local trusted location settings that you can play with (just right-click on the Flash content and choose Global Settings", but in practice, changes in the ecosystem in the last several years render those largely useless.  What *will* behave consistently is accessing things over HTTP and HTTPS.

 

You didn't mention the dismissable error message before.  What does it say?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Copyright © 2023 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices