I'm trying to perform a file upload using a FileReference from a Flex app running in Firefox 4. However when I attempt to call the upload() method, the Filereference throws an IOError with the following
Error #2038: File I/O Error. URL: http://localhost:8080/admin/upload
If I don't explicitly add a listener for the IOErrorEvent, then I get a Flash player popup stating
SecurityError: Error #2000: No active security context.
The request doens't even hit my server (I can verify by placing breakpoints in the Java code and watching the HTTP Requests that go out using HTTPFox), so it seems to me that this is a client side issue (right?). I've done some searching for the problem on google and the suggestions included wrapping the upload() call in a timeout/callLater, and attempting to attach the sessionId to the request (since Firefox creates a new thread for the upload and doesn't attach the proper cookies). Neither of these approaches has worked for me.
I don't experience this problem with Internet Explorer, only Firefox.
Has anyone encountered this before? Any suggestions? Thanks for any help.
EDIT: Should mention that the SWF and the URL being requested are on the same server (localhost:8080).
From the docs for FileReference:
For content running in Flash Player or for content running in Adobe AIR outside of the application security sandbox, uploading and downloading operations can access files only within its own domain and within any domains that a URL policy file specifies. Put a policy file on the file server if the content initiating the upload or download doesn't come from the same domain as the file server.
Also - is this running as release or in the debugger? Sometimes the behavior for server access is quite different.
Fairly normal security sandbox issue (not prevalent to Firefox, but to Flash Player).
You just need a crossdomain file on the root of your webserver.
Related
I added WebResource.axd (empty file) manually in production environment (IIS7 and Windows Server 2008) after chrome and firefox was giving error 404 for WebResource.axd. And now it is working fine, even with parameters. I am not sure why ASP.NET generating this script in final render result (no problem with VS2008), but now it is working. I want to know, is there any security implications other than what normally associated with WebResource.axd as it is in root directory?
Thanks
I also had this issue recently, after a code change WebResource.axd stopped working for my site. Basically, it exposes dynamic resources over http. For a longer explanation visit:
Just where is webresource.axd?
Typically, what happens is that one of the dynamic resources being requested has failed, but the resource name is encrypted. This blog post will help you decrypt the name, use it and the query string of your failing webresource.axd?___ request to figure out where the error is coming from.
Telerik webresource troubleshooting
I wish I had a more generic way of asking this question but I really can't figure out what could be going on.
Using dev-channel Chrome 26 (and IE 10) I'm hitting a simple html site in my public dropbox here
In my browser Handlebars.js (from cdnjs.com) never loads and I get an error. Heck, according to the Network tab it never even tries to load it. Yet click through the source and the script file - it is definitely a live link. Why handlebars? Additionally, running the same exact site with a local server loads just fine.
I'm at a loss here what could possibly have this effect. You'd think the issue would be running the server in dropbox but it seems to be the actual browser misbehaving. And why on earth does it not make any request at all?
My repo by the way is on github on the preformance-tuning branch
It looks like Chrome is throwing an insecure content warning on your scripts. Most likely because you are trying to access content hosted over HTTP while your site is being served from dropbox using ssl. Most likely a Chrome security setting silently block scripts it considers "insecure"
Hi i have a flex file upload application over https it works fine on all IE browsers.
Recently a client with IE9 reported a complaint that she's not able to upload files.
I can see the error generated is IO Error #2038.
The adobe documentation says 2038 is File I/O Error.This error occurs when an application can't get file size, creation date or modification data using the FileReference API.
Can some one help me point out what could be the issue here.
All i can think of is browser issues like, browser cache, some new configuration in IE9 am unaware of or permission on the client directory.
Help will be much appreciated.
thanks
I suggest you to use Charles debugging proxy, which is must have tool for all Flash/Flex developers, and see the difference in IE8 and IE9. Maybe the problem is in some HTTP headers or something else.
I have a similar issue. Later I found out that upload feature doesn't work for latest version of flash player over https. Then I tried sending the upload requests via http instead of https. Now its working fine. Try this, it may help in your case aswell.
In my Flex 4 app, I access an RSS feed (I'm using http://news.ycombinator.com/rss as a dummy). It works okay when I run it from Flash Builder 4, but if I export the project and upload it, I get the following error when it tries to load the RSS feed:
Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: my_website_url cannot load data from http://news.ycombinator.com/rss.
What could be causing this error? Shouldn't RSS be able to be accessed from anywhere? Thanks for reading.
Afaik flash looks for a crossdomain.xml (http://news.ycombinator.com/crossdomain.xml) file to detect if it's allowed to download this content. You find a possible solution here.
The Flash Player is in it's own security sandbox inside the browser. It cannot access URLs outside the domain from which it was served unless it is given permission.
That permission is given through the use of a crossdomain.xml file. There is no cross domain file on the ycombinator site, as you can see here: http://news.ycombinator.com/crossdomain.xml . As such flash will not be able to access that URL unless the swf file is also served off ycombinator.
I'm unclear why this works when you test it locally; you should be having the same issue.
If that is your site, you can create a cross domain file and add it to the root directory and your problems should go away. More info here:
http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html
If you need an alternate feed to test with, you can use The Flex Show's RSS:
http://www.theflexshow.com/blog/rss.cfm?mode=full
(our Cross Domain for your reference)
http://www.theflexshow.com/crossdomain.xml
I'm unclear why this works when you test it locally; you should be having the same issue.
This is because when you are running from Flash Builder, the output file is a local file and hence the security domain is different as opposed to a SWF hosted in a web server.
I want to go live with my site.
...but I need help with a security violation I am incurring.
I've seen various threads on this forum regarding a crossdomain.xml file to include and link to, but I don't get it... no matter what I try I still end up with the same result. You'll note below that it is not recommended to use crossdomain hacks.
FWIW, this only happens when I export a release build... I can load the php data w/out an issue in my debug/developing phase locally in Flex.
What gives? When I make a PHP based request for data I always get this error popping up:
Error #2044: Unhandled securityError:.
text=Error #2048: Security sandbox
violation:
http://alubow.com/jml_testing/viewable/alubow_project.swf
cannot load data from
http://www.alubow.com/jml_testing/foldergrab.php?ipath=assets/bitmap/portrait_thumbs/&tpath=assets/bitmap/portrait_imgs/.
at utils.php::DirectoryReader() at
alubow_project/newScroller() at
alubow_project/mainClickOut()
Is there code I need to add to get this to work? Do I need to configure the server I am using?
I will need to go live with this site soon and these errors I am getting both locally and serverside (via a browser) are unacceptable.
COULD THIS BE A PROBLEM WITH THE FLASH PLAYER I HAVE INSTALLED?
I have the debugger version of flash player 10.
jml
The problem is with the www prefix. I guess you are trying to load a page with out the www subdomain and the URL you are looking for does have that prefix.
Now, what you need to do is one of the following:
change the request url
add both www.yourdomain.com And yourdomain.com to the crossdomain.xml
call the url dymanicaly. this is the best solution but needs some more work. you can get it done using ExternalInterface and connection to JS here. OR you can use the BrowserManager.
Enjoy!
It may be because your app is requesting from www.alubow.com when hosted from alubow.com, which triggers a request for http://www.alubow.com/crossdomain.xml, which doesn't exist. You could refer to your app as www.alubow.com/jml_testing/viewable/alubow_project.swf and avoid the error.
Alternately, you could add a crossdomain.xml file to www.alubow.com.
I know this is weird but for local files loaded through the flash player you probably just need to hit this page. Look near the top right for something that looks like an example image. It's actually a Flex application. Click successive tabs until you read the Global Security Settings panel (currently 3rd from the left, with an image of a globe and padlock). Select the "Edit locations" menu, and choose "Add location". You can then add your swf or your folder of swf's into the whitelist and they'll be able to access outside resources magically.