Error #2048: Security sandbox violation

i've been working on 2 days solid now, no luck.  exhausted every article , suggestion i've run across, hope community can help!  in pursuit of answer this, hope can serve dual purpose , become useful information other developers going down road.  some, may see content , figure tl;dr, i'm hoping answer questions might otherwise span several messages.

 

the goal use "binary socket" communicate between flash app , custom socket server i'm working on.  discovered need have "crossdomain.xml" file allow flash application communicate on sockets.

 

i develop under windows 7 64-bit, using flash professional cs6, microsoft visual studio 2012 , hosting under iis.

 

eventually plan on hosting flash application , crossdomain.xml on remote server, purpose of developing wanted try keep on single development workstation.

 

my policy socket server module gets flash application request , sends correct response. 

 

incoming packet using debug -> debug movie -> in flash professional:

 

get /crossdomain.xml http/1.1

accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9, text/plain;q=0.8, text/css, image/png, image/jpeg, image/gif;q=0.8, application/x-shockwave-flash, video/mp4;q=0.9, flv-application/octet-stream;q=0.8, video/x-flv;q=0.7, audio/mp4, application/futuresplash, */*;q=0.5

x-flash-version: 11,2,202,228

user-agent: shockwave flash

host: 127.0.0.1:843

 

incoming packets using control -> test movie -> in browser:

 

packet #1

<policy-file-request/>

packet #2

get /crossdomain.xml http/1.1

host: localhost:843

connection: keep-alive

user-agent: mozilla/5.0 (windows nt 6.1; wow64) applewebkit/537.1 (khtml, gecko) chrome/21.0.1180.89 safari/537.1

accept: */*

accept-encoding: gzip,deflate,sdch

accept-language: en-us,en;q=0.8

accept-charset: iso-8859-1,utf-8;q=0.7,*;q=0.3

 

 

response sent back:

 

<?xml version="1.0"?>

<!doctype cross-domain-policy system "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

  <allow-access-from to-ports="*" domain="*"/>

</cross-domain-policy>

 

at first wasn't sure if working, until fired copy of fiddler , looked @ packets being requested , returned.  had more entries, read more crossdomain.xml discovered excluded entries defaulted current values started remove them testing different crossdomain.xml configurations ran across.

 

sending xml content through socket connection didn't work, later discovered had create http header , append xml content.

 

i able confirm flash professional cs6 application received crossdomain.xml when running application in debug mode ( debug -> debug movie -> in flash professional) , output generated following warning:

 

warning: domain 127.0.0.1 not specify meta-policy.  applying default meta-policy 'master-only'.  configuration deprecated.  see http://www.adobe.com/go/strict_policy_files fix problem.

 

i know fixed using crossdomain.xml file like:

 

<?xml version="1.0"?>

<!doctype cross-domain-policy system "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

  <site-control permitted-cross-domain-policies="master-only"/>

  <allow-access-from to-ports="*" domain="*"/>

</cross-domain-policy>

 

actionscript source code:

 

private function establishconnection(): void {

  var sock:socket;

 

  security.allowdomain("*");

  security.loadpolicyfile("http://127.0.0.1:843/crossdomain.xml");

  sock = new socket();

  sock.addeventlistener(event.close, closehandler);

  sock.addeventlistener(event.connect, connecthandler);

  sock.addeventlistener(ioerrorevent.io_error, ioerrorhandler);

  sock.addeventlistener(securityerrorevent.security_error, securityerrorhandler);

  sock.addeventlistener(progressevent.socket_data, socketdatahandler);

  sock.connect("http://127.0.0.1", 8080);

}

 

private function closehandler(event:event):void {

  trace("closehandler: " + event);

}

 

private function connecthandler(event:event):void {

  trace("connecthandler: " + event);

}

 

private function ioerrorhandler(event:ioerrorevent):void {

  trace("ioerrorhandler: " + event);

}

 

private function securityerrorhandler(event:securityerrorevent):void {

  trace("securityerrorhandler: " + event);

}

 

private function socketdatahandler(event:progressevent):void {

  trace("socketdatahandler: " + event);

}

 

when execute flash application in debug mode, following content displayed in output window:

 

ioerrorhandler: [ioerrorevent type="ioerror" bubbles=false cancelable=false eventphase=2 text="error #2031: socket error. url: http://127.0.0.1"]

warning: domain 127.0.0.1 not specify meta-policy.  applying default meta-policy 'master-only'.  configuration deprecated.  see http://www.adobe.com/go/strict_policy_files fix problem.

 

securityerrorhandler: [securityerrorevent type="securityerror" bubbles=false cancelable=false eventphase=2 text="error #2048: security sandbox violation: file:///c|/source/flashcs6/as101.swf cannot load data http://127.0.0.1:8080."]

[unloadswf] c:\source\flashcs6\as101.swf

debug session terminated.

 

the "ioerrorhandler" instant on output, whereas "securityerrorhandler" takes maybe 10-15 seconds before rolls out.  understand due async nature of flash engine.

 

when step through code in debugger, noticed request loading policy file isn't executed until application tries connect defined url , port.  i'm thinking might cause, not sure.

 

in effort work, have:

 

• added swf , project folder global security settings
• changed publish settings "access network only"
• added "http://127.0.0.1" global security settings
• under publish settings, enabled "permit debugging"
• added inbound , outbound rules in windows 7 firewall tcp 8080
• tried multiple crossdomain.xml configurations
• checked "mms.cfg" make sure there no blocking rules
• created , enabled logging features in "mm.cfg", log files generated nothing more displayed in flash pro cs6 output window
• changed "127.0.0.1" "localhost", same results

 

on note of global security settings, have discovered exists in 2 separate places. 

• if press "ctrl-enter" , right click flash app, "global security settings" here loads windows dialog box options can configure
• there can found @ following url

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04.htm l#117502

 

do need set both?  did, in effort troubleshoot this.  i'm guessing 1 comes play on local workstation , other web-based only.

 

i did run across references sandbox type, cause potential problems this.  in trace, before socket connections made, traced out current sandbox type , "localtrusted".

 

another article talked using public ip isp, instead of localhost or 127.0.0.1, defeats purpose of local development.

 

i know socket communication works on local workstation, based on 2 events.  first being loadpolicyfile run on socket request , second being tested socket server communication non-flash client app.

 

i'm @ loss right , stuck in mud.  appreciated, , hope sheds light others going down same road.

 

thanks.

well, system isn't perfect work once grease moving parts right oil. =)

 

i started using sample microsoft asynchronous server socket build client , server, confirming system worked.

link: http://msdn.microsoft.com/en-us/library/fx6588te.aspx

 

in effort resolve this, discovered policy + socket server written in java.  isn't pretty, have disclaimer on page saying it's extremely badly written works.

link: http://efreedom.com/question/1-2951030/as3-java-socket-connection-live-flash-local-java

 

i had nothing lose, created restore point, installed java sdk , eclipse ide java ee developers.  created new project , hacked sample match ports using , hit "play", fired flash project , viewed in browser.  first time, witnessed events fire off connect , close.  in shock now. lol.

 

after little trial , error server, discovered needed change.  first had how "addressfamily" being identified.  next item changing ipaddress ipendpoint source of addresslist (see microsoft sample) "ipaddress.any".  last item odd, server didn't seem pick new connections until defined listener maxconnections.

 

below snip of final c# code changes made.

 

 

iphostentry iphostinfo = null;

ipendpoint localendpoint = null;

 

try

{

     iphostinfo = dns.gethostentry(dns.gethostname());

     localendpoint = new ipendpoint(ipaddress.any, _port); 

     _socketlistener = new socket(localendpoint.address.addressfamily, sockettype.stream, protocoltype.tcp);

 

     _socketlistener.bind(localendpoint);

     _socketlistener.listen((int)socketoptionname.maxconnections);

     ...

 

it seems relatively simple, takes 1 config parameter set wrong , server sails on different level flash operates.

 

i based policy server off same design.  don't understand despite initial design not acknowledging connections on policy server flash app, flash still grabbed crossdomain profile sent across port 843.  content available within engine (an actual local file not exist) , able validate based on changes made on crossdomain content being sent across , re-compiling , running server again testing.

 

error #2048 result of socket server not accepting connection or being available connections.  once fixed policy server still receiving error #2048 until fixed socket server connections.  had set http header packet being sent crossdomain policy, later removed , send xml content now.

 

the design had in mind works now.  multiple connections , real-time communication on sockets.  have no need video or audio streaming, data transmission.  hope info helps else may facing same challenges.

 

cheers!

More discussions in ActionScript 3

adobe