ActionScript Error #2148:
SecurityError: Error #2148: SWF file file:///C:/Documents and Settings/UserProfile/Desktop/flexstore/bin-release/flexstore.swf cannot access local resource myFile.swf. Only local-with-filesystem and trusted local SWF files may access local resources.
Description:
ActionScript Error #2148 can be caused by a number of reasons. If you are using Flex please keep in mind that the bin directory is a special directory that the Flash player allows SWFs ( and other files ) to load from as long as the file is stored in this directory. It will also allow a loaded swf to access network resources (a remote HTTPService call for example). If these files are placed anywhere besides the bin directory, the Flash Player prevents the file from accessing any external resources. You can allow for external access by changing the settings within the FlashPlayer or within Flex. These solutions are listed below
Fix 1 :
If you’re loading in XML or other files from a remote sever that isn’t hosting the SWF too, make sure you create a crossdomain.xml policy, and put it on the root of your webserver. If you haven’t heard about a cross domain policy or need help creating a crossdomain.xml file click the link and I will show you how to create a crossdomain.xml file. View my tutorial on How to Create a crossdomain.xml file and visit the links on the bottom of the page to learn more.
XML Code:
<?xml version=”1.0″?>
<!DOCTYPE cross-domain-policySYSTEM “http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd”>
<cross-domain-policy>
<allow-access-from domain=”www.curtismorley.com” />
<allow-access-from domain=”curtismorley.com” />
</cross-domain-policy>
Fix 2:
Within ActionScript you are now able to specify the cross domain access from within the code. I won’t get into the guts of this one but if you want to learn more view the Flash / Flex documentation or Adobe LiveDocs – Security Chapter or get Joey Lott’s book ActionScript 3 Cookbook By adding this code you will get rid of ActionScript Error #2148 If you are using https:// you will need to use allowInsecureDomain() as shown below. If you are using a local file make sure to target it correctly(i.e. c:\myFolder).
ActionScript Code:
flash.system.Security.allowDomain(“http://www.curtismorley.com”);flash.system.Security.allowInsecureDomain(“http://www.curtismorley.com”);
Fix 3:
One hack to get rid of ActionScript Error 2148 is to add these arguments to the compiler (via Properties – Flex Compiler) : -use-network=false . Beware though this will effectively change your cross-domain security.
Good Code:
-use-network=false
Fix 4:
Make sure your Global Security Settings in Flash Player allows local access to the directory your SWF/XML is running from. At the Global Security Settings in Flash Player click on Edit locations >> Add location and then either type in the new location your SWF is at (i.e. c:\myFolder) or browse for the file or folder. Shut down Flash/ Flex and all instances of the Flash Player(including browsers), and then try again. This will eliminate this ActionScript Error #2148. This solution only works for you on your computer. If you cahnge computers or change locations on the web please refer back to Fix 1.
And now you know 2 ways to fix and 2 ways to circumvent ActionScript Error #2418: Security Error
Happy Flashing
You can get rid of this error by going to ‘Project’ -> ‘Properties’ -> ‘Flex Build Path’ -> ‘Library Path’ and change the framework linkage to ‘Merged into code’
Cheers
Hi Curtis, Great post. I am fighting 2121, 2044 & 2048 Flash security errors in getting an MP3 player to work and this article has been the most helpful on the net. I have added the crossdomain.xml file at our websites root and added the flash.system.Security.allowDomain in line 1 of the action script of the flash fla to allow our site access (using both the http://www.mysite and the mysite url paths) and these have helped get the player to work better on our test site. The online playback of the mp3 player will play about 4-7 mp3’s then lock-up. I think that is related to flash security also.
I am still getting the 2121 error within Flash CS4 as I debug the player or play the swf in live view within Dreamweaver, which in turn locks-up the Flash 10 player and crashes the program. I am having the mp3 player access the mp3 files from our web site as I test the fla.
You mention in fix 2, “If you are using a local file make sure to target it correctly(i.e. c:\myFolder).” How do you do that? I assume you mean to use the Security.allowDomain method. I have tried doing that with the c drive but I get all kinds of scripting errors because I do not know how to code with AS3.
Here is the debug message I am getting.
Attemping to launch and connect to Player using URL C:\Web Site Files\Plank Productions afc\Plank Productions 2010\site\MP3_List_Player_AS3.swf
[SWF] C:\Web Site Files\Plank Productions afc\Plank Productions 2010\site\MP3_List_Player_AS3.swf – 209827 bytes after decompression
SecurityError: Error #2121: Security sandbox violation: Sound.id3: file:///C|/Web%20Site%20Files/Plank%20Productions%20afc/Plank%20Productions%202010/site/MP3%5FList%5FPlayer%5FAS3.swf cannot access . This may be worked around by calling Security.allowDomain.
at flash.media::Sound/get id3()
at com.afcomponents.mp3player::MP3Player/get id3()
at com.afcomponents.mp3player::MP3Player/handleBuffering()
How do you target the local c drive to work properly?
Thank you for any help.
Pingback: Cross domain access ActionScript Error 2148 – jpablobr.com
Thanks mate.
Hi.
I am trying to read XML file provided by our “Environmental Agency of the Republic of Slovenia”. XML contains data of current weather conditions in my city and its use should be free, but I still get this message:
xml file: http://meteo.arso.gov.si/uploads/probase/www/observ/surface/text/sl/observation_LJUBL-ANA_BEZIGRAD_latest.xml
Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://projekti.sloscfan.com/vreme/vreme.swf cannot load data from http://meteo.arso.gov.si/uploads/probase/www/observ/surface/text/sl/observation_
LJUBL-ANA_BEZIGRAD_latest.xml.
at main_fla::MainTimeline/main_fla::frame1()
I emailed them and they said I should check if problem is on my side. Is there any way that this is really my fault?
BTW, file works locally on my computer without any problems.
Thanks for you help.
Didnt come through again. Wrap this code in less then and greater then triangular brackets like regular html:
allow-access-from domain=”*” secure=”false”/
My code didn’t come through:
Hello kennyt and all. I was having this issue because i was loading data from https and my swf was on http. Here is what i added to my policy file to allow it:
(its the secure=”false” thing)
Error: Event Target: [object HTTPService]
Event Type: fault
Fault Code: InvokeFailed
Fault Info: Error #2148
The above error is not resolved by any of the above solutions.
Please guide
Pingback: Flex on Grails: An one line Groovy proxy for cross domain communication for Flex « Tomás Lin’s Programming Brain Dump
Another solution is to set “Global Security Settings” via adobe at http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04.html#117502
I noticed that this particular error also can be caused when running or debugging your project locally in a folder that contains characters with accents like é or è.
I tried al of your fixes without success, changing the name of the folder did the trick.
apparently my xml code didnt show
here is the link http://ptshots.com/crossdomain.xml
hi. i’ve been trying to access data from an rss feed (external source). i have created my cross domain file. It looks like this
here is the URL to my file
http://ptshots.com/transitions1.swf
when you run that file… this error shows up
Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://ptshots.com/transitions1.swf cannot load data from http://ptshots.smugmug.com/hack/feed.mg?Type=gallery&Data=6955066%5FMfAYU&format=rss200.
at transitions1_fla::MainTimeline/frame1()
can anyone point me in the right direction?
Sorry for those messages, but I tried to put an XML code and each it’s not displayed !!
allow-access-from domain=”*” secure=”false”
<?xml version="1.0?>
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-domain-policy>
<?xml version=”1.0″?>
<cross-domain-policy>
<allow-access-from domain=”*” secure=”false”/>
</cross-domain-policy>
Scott, try this :
You have to add the “secure” attribute and to set it to “false” because if you don’t do that, this attribute will get true value by default,
Hope this help.
I am getting a slightly different error #2048.
I have a flex client running on a non-secure (http) server. It is making HTTPService calls to Servlets on a secure (https) server. I have tried all types of variants in the crossdomain.xml file, but the error still persists:
Error #2048: Security sandbox violation: http://localhost:8081/MainShell.swf cannot load data from https://localhost:443/ReasonRequiredServlet
Note that this happens both locally and when deployed to a test server. Can flex make service calls from an http client to an https service?
My crossdomain.xml file is in the application root (http://localhost:8081/crossdomain.xml). Is it possible that flash is not picking up the file? How can I tell if it is not?
Thanks!
This is probably the most comprehensive guide to this *issue*.
I am digging this.
Hi again, i forget to say that the php file domain is a https and i cannot use allowInsecureDomain().
Hi,
I want to execute a php script using an SWF, the crossdomain.xml file must be putted in the server of the php file or of the SWF file ?
thanks.
Thanks for Your WEBSITE i solved i problem with my crossdomain.xml 😀
solvved my problem
Using -use-network=false
Pingback: andreas04: close to attraction
Please I need some help with this! The following error appears(AS3) when I try to load a xml file. I have tried everything with Security
Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: file:///home/jayc/webserver1/workspacetest/Test/bin-debug/Test.swf cannot load data from http://localhost/workspacetest/xmlfeed.xml.
at Test()[/home/jayc/webserver1/workspacetest/Test/Test.as:14]
Error: Request for resource at http://localhost/workspacetest/xmlfeed.xml by requestor from file:///home/jayc/webserver1/workspacetest/Test/bin-debug/Test.swf is denied due to lack of policy file permissions.
Pingback: curtismorley.com » Search Engine Optimization Example
Chris,
A text file works great to load simple name-value pairs into Flash. Another thing you might want to consider is loading an XML file. Either way I will post a couple of tutorials on how to load a .txt file into Flash/Flex and how to load an .xml file into Flash/Flex. Look shortly for a tutorial on my site.
Thanks,
Curtis J. Morley
Can someone please tell me what code I would put in to simply open a text file in a local directory please?
Hi all,
I got the error 2048 when i try to load a .txt file from remote server.
I am using Flash CS3 IDE.
I used URLLoader to load the txt file.
I tried to put the cross domain policy file, allowDomain(“*”), but
nothing is worked.
pls help me anyone to get rid of 2048.
Thanks in advance.
Baskaran S
Regarding the Error 2148. I was getting the similar error.
The problem with the -locale en_US -use-network=false is that it will prevent the access of remote resources since the network wont be considered. I myself did some experiments and found that a better approach is to go to
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04.html
This will show open up a webpage that displays the current security settings. Make sure that the setting is Always Allow.
Restart the Browser and the Flex 3 IDE.
The error should be gone.
Pingback: Cross domain access ActionScript Error 2148 « Decodedbits’s
Pingback: Cross domain access ActionScript Error 2148 | Decodedbits [dot] com
Sam,
Great thing to point out. I am glad that fix 3 solved your issue with AS3 Error 2148.
Curtis J
Thanks Curtis, fix 3 works fine 🙂
I just had to figure out where to add the extra property ‘-use-network=false’. In Flex 3, it’s in Project/Properties/Flex Compiler/Additional Compiler argument.
After the adding, the text field contains :
-locale en_US -use-network=false
No need to separate the extra properties with a semicolon as I did at first.
Take care
Lee,
Glad it helped.
Curtis
Cheers dude
Fix 3 worked a treat
Vikana :o)
Thank you. The flex compiler argument worked beautifully.
BTW, read this article to see what I mean by the first paragraph above: http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_02.html.
Curtis, just heads up. Above you stated the crossdomain.xml HAS to be on the root. That is incorrect as of the latest release (not sure which release you mean). You can place the file in any subdirectory you want and the crossdomain.xml will pertain to that directory and subdirectories to that directory (think of it as treating that directory as “root” for this cross-domain policy).
As for Fix #3, tried it and it doesn’t work.
As for Fix #2, that pertains to my swf being loaded and accessed (ie – myloadedswf.someFunction()) by the loading swf. See LiveDocs: http://livedocs.adobe.com/labs/flex3/langref/flash/system/Security.html#allowDomain().
Hopefully posting that URL doesn’t ding this comment as spam. 🙂
Siti,
From your description it sounds like you need a crossdomain policy file or else you need to use the
Security.allowDomain(“www.somedomain.com”)
or
Security.allowDomain(“*”)
in order to get your file to load. If you are loading a Flash file into Flex, try putting in the previous line of code into each file, the Flash and the Flex.
The file will work fine in the Flash/Flex authoring environment because it does not have the same security sandbox as the Flash player.
Try fix #1 and #2 above and you should be fine. If that still doesn’t work then please write back and I am happy to help more.
Hye all,
First of all I got this video file name final.vob. I have converted it to .flv file using allok flv converter (trial version). I want to put this video on DNN(DotNetNuke). In order to do so, I have to import final.flv to Flash CS3 by clicking File>>Import>>Import. Then I have to completed the Import Video Wizard. rite.
I have tested the movie (Control>>Test Movie). It works. To make it available online, I have changed the Component Inspector source address and changed the skin to Custom skin URL. I’ve uploaded final.flv, ABI.swf and SkinOverAllNoVolNoCaptionNoFull.swf.
The problem is it unable to play the video. And the error message is:
SecurityError: Error #2148: SWF file http://www.ism.net.my/Portals/0/ABI.swf cannot access local resource D:\DNN 3.3.7\Portals\final.flv. Only local-with-filesystem and trusted local SWF files may access local resources.
at flash.net::NetStream/play()
at fl.video::VideoPlayer/http://www.adobe.com/2007/flash/flvplayback/internal::_play()
at fl.video::VideoPlayer/http://www.adobe.com/2007/flash/flvplayback/internal::_setUpStream()
at fl.video::VideoPlayer/http://www.adobe.com/2007/flash/flvplayback/internal::_load()
at fl.video::VideoPlayer/load()
at fl.video::FLVPlayback/::doContentPathConnect()
Please advice me how to solve this problem.
Thanks.
Eirehotspur,
I would love to help. Where is the video hosted? Is this video on the same server and in the same domain as the SWF? This may be the problem. If you give me more detail I am sure that we can resolve the issue.
Thanks,
Curtis
Your fix won’t work…..as in fix 4.
I am using Flash CS3 and getting the Flash CS3 AS3 Error #2148error having done what you said and shutting down the laptop and starting again.
Getting that error on a preview of my swf with video on my page from my server.
Pingback: links for 2007-10-20 « M@’s Blog
It does need to be on the root. This is a very important aspect of the cross domain file. If you don’t have direct access then you will want to call your hosting company and have them help you put it on the root.
Hi,
I’m having troubles accessing my xml files remotely. I always get this error message when I try to load the xml.
Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://users.tpg.com.au/omitted/postagecalculator.swf cannot load data from http://members.optusnet.com.au/omitted/3000.xml.
at postagecalculator_fla::MainTimeline/postagecalculator_fla::frame1()
I’ve tried creating the crossdomain.xml (although I can’t add it to the root of my domain because I essentially have a directory in a domain).
I’ve tried the hard-coded flash.system.Security.allowInsecureDomain.
Is there anything else I can do?
Does the crossdomain file have to live in the root or can i put it in the same dir as my swf file?
Thanks in advanced.