Locked

Security sandbox conflict when I Load atf by worker(flash player of Web browser)

New Here ,
Oct 07, 2019 Oct 07, 2019

Copy link to clipboard

Copied

MainSwf:

private function loadWorker():void{
		Security.allowInsecureDomain("*");
	Security.allowDomain("*");
	var workerLoader:URLLoader = new URLLoader();
	workerLoader.dataFormat = URLLoaderDataFormat.BINARY;
	workerLoader.addEventListener(Event.COMPLETE, loadComplete);
	workerLoader.load(new URLRequest("workerSwf.swf"));
}

private function loadComplete(event:Event):void
{
	// create the background worker
	var workerBytes:ByteArray = event.target.data as ByteArray;
	var worker:Worker = WorkerDomain.current.createWorker(workerBytes, true);
	
	// listen for worker state changes to know when the worker is running
	worker.addEventListener(Event.WORKER_STATE, workerStateHandler);
	//build
	mainToWorker = Worker.current.createMessageChannel(worker);
	workerToMain = worker.createMessageChannel(Worker.current);
	
	//init worker name
	worker.setSharedProperty("mainToWorker", mainToWorker);
	worker.setSharedProperty("workerToMain", workerToMain);
	
	workerToMain.addEventListener(Event.CHANNEL_MESSAGE, onWorkerToMain);
	
	worker.start();
}

private function workerStateHandler(e:Event):void{
	_workerInit = true;
	mainToWorker.send(1);
}

 

workerSwf:

private function init():void{
	Security.allowInsecureDomain("*");
	Security.allowDomain("*");
	//init worker by name
	mainToWorker = Worker.current.getSharedProperty("mainToWorker");
	workerToMain = Worker.current.getSharedProperty("workerToMain");
	//addEventListener
	mainToWorker.addEventListener(Event.CHANNEL_MESSAGE, onMainToWorker);
}

public function onMainToWorker(event:Event):void {
	//load atf
	var loader:URLLoader = new URLLoader();
	loader.dataFormat = URLLoaderDataFormat.BINARY;
	var r:URLRequest = new URLRequest("1.atf");
	
	loader.load(r);/////   throw Error:Security sandbox conflict
	//SecurityError: Error #2148:
			// SWF file file:///D:/A/bin-debug/boot.swf Local resources cannot be accessed file:///D:/A/bin-debug/1.atf。
	//The Local resources can be accessed by the SWF of File system and  trusted Local SWF.
			//at flash.net::URLStream/load()
			//at flash.net::URLLoader/load()
	//
	
	loader.addEventListener(Event.COMPLETE, onComp);
	loader.addEventListener(IOErrorEvent.IO_ERROR, onErr);
	function onComp(e:Event):void{
		var bytes:ByteArray = loader.data as ByteArray;
		bytes.shareable = true;
		workerToMain.send(bytes);
	}
	function onErr(e:IOErrorEvent):void{
		workerToMain.send(0);
	}
}

Views

94

Likes

translate

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Oct 15, 2019 Oct 15, 2019

Copy link to clipboard

Copied

Loading files from the local filesystem is generally problematic.  If we were building a browser plug-in from scratch, we wouldn't allow it at all.

 

If you can, you're better off doing local development with a local webserver instead of loading your content off the local filesystem.  It *greatly* simplifies things, as you're not dealing with the local-with-filesystem/local-with-network considerations, and if you ever intend to publish the content to the web, you're building it with a whole different set of security considerations in effect.  The local webserver will prevent you from that category of nasty surprise.

 

Anyway, that said, it might be related to the EnableInsecureLocalWithFilesystem directive here: 

https://www.adobe.com/content/dam/acom/en/devnet/flashplayer/articles/flash_player_admin_guide/pdf/l...

 

 

Likes

translate

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Oct 18, 2019 Oct 18, 2019

Copy link to clipboard

Copied

Thank you very much for your reply!Not being able to debug with local resources is a hassle.Because his error message can be authorized, I think it should be through some kind of Settings to achieve the purpose of allowing access.

Likes

translate

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Oct 22, 2019 Oct 22, 2019

Copy link to clipboard

Copied

It gets sticky because both modern browsers and Flash both more aggressively restrict access to the local filesystem.  There are some local trusted location settings that you can play with (just right-click on the Flash content and choose Global Settings", but in practice, changes in the ecosystem in the last several years render those largely useless.  What *will* behave consistently is accessing things over HTTP and HTTPS.

 

You didn't mention the dismissable error message before.  What does it say?

Likes

translate

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines