Flash CS3 / Flex 2 AS3 Error #2148

Posted in Computers, Error, errors, Flash, Flex at 5:48 am by Curtis J. Morley

ActionScript Error #2148:
SecurityError: Error #2148: SWF file file:///C:/Documents and Settings/UserProfile/Desktop/flexstore/bin-release/flexstore.swf cannot access local resource myFile.swf. Only local-with-filesystem and trusted local SWF files may access local resources.

ActionScript Error #2148 can be caused by a number of reasons. If you are using Flex please keep in mind that the bin directory is a special directory that the Flash player allows SWFs ( and other files ) to load from as long as the file is stored in this directory. It will also allow a loaded swf to access network resources (a remote HTTPService call for example). If these files are placed anywhere besides the bin directory, the Flash Player prevents the file from accessing any external resources. You can allow for external access by changing the settings within the FlashPlayer or within Flex. These solutions are listed below

Fix 1 :
If you're loading in XML or other files from a remote sever that isn't hosting the SWF too, make sure you create a crossdomain.xml policy, and put it on the root of your webserver. If you haven't heard about a cross domain policy or need help creating a crossdomain.xml file click the link and I will show you how to create a crossdomain.xml file. View my tutorial on How to Create a crossdomain.xml file and visit the links on the bottom of the page to learn more.

XML Code:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policySYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<allow-access-from domain="www.curtismorley.com" />
<allow-access-from domain="curtismorley.com" />

Fix 2:
Within ActionScript you are now able to specify the cross domain access from within the code. I won't get into the guts of this one but if you want to learn more view the Flash / Flex documentation or Adobe LiveDocs - Security Chapter or get Joey Lott's book ActionScript 3 Cookbook By adding this code you will get rid of ActionScript Error #2148 If you are using https:// you will need to use allowInsecureDomain() as shown below. If you are using a local file make sure to target it correctly(i.e. c:\myFolder).

ActionScript Code:


Fix 3:
One hack to get rid of ActionScript Error 2148 is to add these arguments to the compiler (via Properties - Flex Compiler) : -use-network=false . Beware though this will effectively change your cross-domain security.

Good Code:


Fix 4:
Make sure your Global Security Settings in Flash Player allows local access to the directory your SWF/XML is running from. At the Global Security Settings in Flash Player click on Edit locations >> Add location and then either type in the new location your SWF is at (i.e. c:\myFolder) or browse for the file or folder. Shut down Flash/ Flex and all instances of the Flash Player(including browsers), and then try again. This will eliminate this ActionScript Error #2148. This solution only works for you on your computer. If you cahnge computers or change locations on the web please refer back to Fix 1.

And now you know 2 ways to fix and 2 ways to circumvent ActionScript Error #2418: Security Error

Happy Flashing


  1. Bernardinho said,

    September 4, 2007 at 12:58 am


    I’m having troubles accessing my xml files remotely. I always get this error message when I try to load the xml.

    Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://users.tpg.com.au/omitted/postagecalculator.swf cannot load data from http://members.optusnet.com.au/omitted/3000.xml.
    at postagecalculator_fla::MainTimeline/postagecalculator_fla::frame1()

    I’ve tried creating the crossdomain.xml (although I can’t add it to the root of my domain because I essentially have a directory in a domain).
    I’ve tried the hard-coded flash.system.Security.allowInsecureDomain.

    Is there anything else I can do?

    Does the crossdomain file have to live in the root or can i put it in the same dir as my swf file?

    Thanks in advanced.

  2. Curtis J. Morley said,

    September 8, 2007 at 5:52 am

    It does need to be on the root. This is a very important aspect of the cross domain file. If you don’t have direct access then you will want to call your hosting company and have them help you put it on the root.

  3. links for 2007-10-20 « M@’s Blog said,

    October 20, 2007 at 2:25 am

    […] curtismorley.com » Flash CS3 / Flex 2 AS3 Error #2148 A clear description and solution to my nemisis: the flash #2418 Security Error (tags: flex flash development) […]

  4. Eirehotspur said,

    October 21, 2007 at 1:55 am

    Your fix won’t work…..as in fix 4.
    I am using Flash CS3 and getting the Flash CS3 AS3 Error #2148error having done what you said and shutting down the laptop and starting again.

    Getting that error on a preview of my swf with video on my page from my server.

  5. Curtis J. Morley said,

    October 23, 2007 at 10:22 pm


    I would love to help. Where is the video hosted? Is this video on the same server and in the same domain as the SWF? This may be the problem. If you give me more detail I am sure that we can resolve the issue.



  6. siti said,

    December 17, 2007 at 3:18 am

    Hye all,

    First of all I got this video file name final.vob. I have converted it to .flv file using allok flv converter (trial version). I want to put this video on DNN(DotNetNuke). In order to do so, I have to import final.flv to Flash CS3 by clicking File>>Import>>Import. Then I have to completed the Import Video Wizard. rite.

    I have tested the movie (Control>>Test Movie). It works. To make it available online, I have changed the Component Inspector source address and changed the skin to Custom skin URL. I’ve uploaded final.flv, ABI.swf and SkinOverAllNoVolNoCaptionNoFull.swf.

    The problem is it unable to play the video. And the error message is:

    SecurityError: Error #2148: SWF file http://www.ism.net.my/Portals/0/ABI.swf cannot access local resource D:\DNN 3.3.7\Portals\final.flv. Only local-with-filesystem and trusted local SWF files may access local resources.
    at flash.net::NetStream/play()
    at fl.video::VideoPlayer/http://www.adobe.com/2007/flash/flvplayback/internal::_play()
    at fl.video::VideoPlayer/http://www.adobe.com/2007/flash/flvplayback/internal::_setUpStream()
    at fl.video::VideoPlayer/http://www.adobe.com/2007/flash/flvplayback/internal::_load()
    at fl.video::VideoPlayer/load()
    at fl.video::FLVPlayback/::doContentPathConnect()

    Please advice me how to solve this problem.


  7. Curtis J. Morley said,

    December 18, 2007 at 5:15 pm


    From your description it sounds like you need a crossdomain policy file or else you need to use the


    in order to get your file to load. If you are loading a Flash file into Flex, try putting in the previous line of code into each file, the Flash and the Flex.

    The file will work fine in the Flash/Flex authoring environment because it does not have the same security sandbox as the Flash player.

    Try fix #1 and #2 above and you should be fine. If that still doesn’t work then please write back and I am happy to help more.

  8. John C. Bland II said,

    January 7, 2008 at 11:42 pm

    Curtis, just heads up. Above you stated the crossdomain.xml HAS to be on the root. That is incorrect as of the latest release (not sure which release you mean). You can place the file in any subdirectory you want and the crossdomain.xml will pertain to that directory and subdirectories to that directory (think of it as treating that directory as “root” for this cross-domain policy).

    As for Fix #3, tried it and it doesn’t work.

    As for Fix #2, that pertains to my swf being loaded and accessed (ie – myloadedswf.someFunction()) by the loading swf. See LiveDocs: http://livedocs.adobe.com/labs/flex3/langref/flash/system/Security.html#allowDomain().

    Hopefully posting that URL doesn’t ding this comment as spam. 🙂

  9. John C. Bland II said,

    January 7, 2008 at 11:43 pm

    BTW, read this article to see what I mean by the first paragraph above: http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_02.html.

  10. LONG FAUCET said,

    February 15, 2008 at 7:36 pm

    Thank you. The flex compiler argument worked beautifully.

  11. Lee-Anthony said,

    February 18, 2008 at 8:31 pm

    Cheers dude

    Fix 3 worked a treat

    Vikana :o)

  12. Curtis J. Morley said,

    February 19, 2008 at 8:36 am


    Glad it helped.


  13. Sam said,

    March 9, 2008 at 6:24 pm

    Thanks Curtis, fix 3 works fine 🙂

    I just had to figure out where to add the extra property ‘-use-network=false’. In Flex 3, it’s in Project/Properties/Flex Compiler/Additional Compiler argument.
    After the adding, the text field contains :
    -locale en_US -use-network=false

    No need to separate the extra properties with a semicolon as I did at first.

    Take care

  14. Curtis J. Morley said,

    March 12, 2008 at 3:31 pm


    Great thing to point out. I am glad that fix 3 solved your issue with AS3 Error 2148.

    Curtis J

  15. Cross domain access ActionScript Error 2148 | Decodedbits [dot] com said,

    March 22, 2008 at 5:11 am

    […] More info […]

  16. Cross domain access ActionScript Error 2148 « Decodedbits’s said,

    April 1, 2008 at 12:16 am

    […] More info Posted by decodedb Filed in Tech_Stuff […]

  17. Rohit said,

    April 13, 2008 at 12:11 am

    Regarding the Error 2148. I was getting the similar error.
    The problem with the -locale en_US -use-network=false is that it will prevent the access of remote resources since the network wont be considered. I myself did some experiments and found that a better approach is to go to
    This will show open up a webpage that displays the current security settings. Make sure that the setting is Always Allow.
    Restart the Browser and the Flex 3 IDE.
    The error should be gone.

  18. Baskaran S said,

    April 17, 2008 at 5:39 am

    Hi all,

    I got the error 2048 when i try to load a .txt file from remote server.

    I am using Flash CS3 IDE.
    I used URLLoader to load the txt file.

    I tried to put the cross domain policy file, allowDomain(“*”), but
    nothing is worked.

    pls help me anyone to get rid of 2048.
    Thanks in advance.

    Baskaran S

  19. Chris said,

    May 22, 2008 at 7:36 am

    Can someone please tell me what code I would put in to simply open a text file in a local directory please?

  20. Curtis J. Morley said,

    May 22, 2008 at 7:42 am


    A text file works great to load simple name-value pairs into Flash. Another thing you might want to consider is loading an XML file. Either way I will post a couple of tutorials on how to load a .txt file into Flash/Flex and how to load an .xml file into Flash/Flex. Look shortly for a tutorial on my site.

    Curtis J. Morley

  21. curtismorley.com » Search Engine Optimization Example said,

    June 2, 2008 at 5:27 pm

    […] AS3 Error #2148 – #1,2,3 hit on Google […]

  22. Crisu said,

    June 17, 2008 at 6:27 am

    Please I need some help with this! The following error appears(AS3) when I try to load a xml file. I have tried everything with Security

    Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: file:///home/jayc/webserver1/workspacetest/Test/bin-debug/Test.swf cannot load data from http://localhost/workspacetest/xmlfeed.xml.
    at Test()[/home/jayc/webserver1/workspacetest/Test/Test.as:14]
    Error: Request for resource at http://localhost/workspacetest/xmlfeed.xml by requestor from file:///home/jayc/webserver1/workspacetest/Test/bin-debug/Test.swf is denied due to lack of policy file permissions.

  23. andreas04: close to attraction said,

    June 29, 2008 at 10:57 pm

    […] More info […]

  24. Prabhu M said,

    August 11, 2008 at 2:39 pm

    solvved my problem
    Using -use-network=false

  25. dawid said,

    August 13, 2008 at 4:41 pm

    Thanks for Your WEBSITE i solved i problem with my crossdomain.xml 😀

  26. Assem said,

    August 20, 2008 at 12:58 am


    I want to execute a php script using an SWF, the crossdomain.xml file must be putted in the server of the php file or of the SWF file ?


  27. Assem said,

    August 20, 2008 at 1:00 am

    Hi again, i forget to say that the php file domain is a https and i cannot use allowInsecureDomain().

  28. Jorge Bucaran said,

    August 24, 2008 at 7:13 pm


    This is probably the most comprehensive guide to this *issue*.

    I am digging this.

  29. Scott Duncan said,

    August 26, 2008 at 1:04 pm

    I am getting a slightly different error #2048.

    I have a flex client running on a non-secure (http) server. It is making HTTPService calls to Servlets on a secure (https) server. I have tried all types of variants in the crossdomain.xml file, but the error still persists:

    Error #2048: Security sandbox violation: http://localhost:8081/MainShell.swf cannot load data from https://localhost:443/ReasonRequiredServlet

    Note that this happens both locally and when deployed to a test server. Can flex make service calls from an http client to an https service?

    My crossdomain.xml file is in the application root (http://localhost:8081/crossdomain.xml). Is it possible that flash is not picking up the file? How can I tell if it is not?

  30. Assem said,

    August 29, 2008 at 2:26 am

    Scott, try this :

    You have to add the “secure” attribute and to set it to “false” because if you don’t do that, this attribute will get true value by default,

    Hope this help.

  31. Assem said,

    August 29, 2008 at 2:27 am

    <?xml version=”1.0″?>
    <allow-access-from domain=”*” secure=”false”/>

  32. Assem said,

    August 29, 2008 at 2:29 am

    allow-access-from domain=”*” secure=”false”

    <?xml version="1.0?>
    <allow-access-from domain="*" secure="false"/>

  33. Assem said,

    August 29, 2008 at 2:30 am

    Sorry for those messages, but I tried to put an XML code and each it’s not displayed !!

  34. kennyt said,

    January 7, 2009 at 12:01 pm

    hi. i’ve been trying to access data from an rss feed (external source). i have created my cross domain file. It looks like this

    here is the URL to my file

    when you run that file… this error shows up
    Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://ptshots.com/transitions1.swf cannot load data from http://ptshots.smugmug.com/hack/feed.mg?Type=gallery&Data=6955066%5FMfAYU&format=rss200.
    at transitions1_fla::MainTimeline/frame1()

    can anyone point me in the right direction?

  35. kennyt said,

    January 7, 2009 at 12:49 pm

    apparently my xml code didnt show

    here is the link http://ptshots.com/crossdomain.xml

  36. Adriaan Meuris said,

    January 30, 2009 at 7:07 am

    I noticed that this particular error also can be caused when running or debugging your project locally in a folder that contains characters with accents like é or è.
    I tried al of your fixes without success, changing the name of the folder did the trick.

  37. micah said,

    February 10, 2009 at 10:51 pm

    Another solution is to set “Global Security Settings” via adobe at http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04.html#117502

  38. Flex on Grails: An one line Groovy proxy for cross domain communication for Flex « Tomás Lin’s Programming Brain Dump said,

    May 13, 2009 at 5:01 pm

    […] external websites like the Flickr API or Google domains with Flex, we often run into the dreaded #2148 Security Exception error. . In this post, I show you how easy it is to solve this using Groovy and Grails ( it’s one […]

  39. Khan said,

    May 28, 2009 at 10:01 pm

    Error: Event Target: [object HTTPService]

    Event Type: fault

    Fault Code: InvokeFailed

    Fault Info: Error #2148

    The above error is not resolved by any of the above solutions.

    Please guide

  40. Misha Rabinovich said,

    June 18, 2009 at 12:01 pm

    Hello kennyt and all. I was having this issue because i was loading data from https and my swf was on http. Here is what i added to my policy file to allow it:

    (its the secure=”false” thing)

  41. Misha Rabinovich said,

    June 18, 2009 at 12:01 pm

    My code didn’t come through:

  42. Misha Rabinovich said,

    June 18, 2009 at 12:02 pm

    Didnt come through again. Wrap this code in less then and greater then triangular brackets like regular html:

    allow-access-from domain=”*” secure=”false”/

  43. CoreySteel said,

    July 3, 2009 at 2:10 am


    I am trying to read XML file provided by our “Environmental Agency of the Republic of Slovenia”. XML contains data of current weather conditions in my city and its use should be free, but I still get this message:
    xml file: http://meteo.arso.gov.si/uploads/probase/www/observ/surface/text/sl/observation_LJUBL-ANA_BEZIGRAD_latest.xml

    Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://projekti.sloscfan.com/vreme/vreme.swf cannot load data from http://meteo.arso.gov.si/uploads/probase/www/observ/surface/text/sl/observation_
    at main_fla::MainTimeline/main_fla::frame1()

    I emailed them and they said I should check if problem is on my side. Is there any way that this is really my fault?
    BTW, file works locally on my computer without any problems.

    Thanks for you help.

  44. Joan.mmk said,

    August 2, 2009 at 3:54 pm

    Thanks mate.

  45. Cross domain access ActionScript Error 2148 – jpablobr.com said,

    January 25, 2010 at 12:05 am

    […] More info Share and Enjoy: […]

  46. Ralph said,

    February 4, 2010 at 9:14 am

    Hi Curtis, Great post. I am fighting 2121, 2044 & 2048 Flash security errors in getting an MP3 player to work and this article has been the most helpful on the net. I have added the crossdomain.xml file at our websites root and added the flash.system.Security.allowDomain in line 1 of the action script of the flash fla to allow our site access (using both the http://www.mysite and the mysite url paths) and these have helped get the player to work better on our test site. The online playback of the mp3 player will play about 4-7 mp3’s then lock-up. I think that is related to flash security also.

    I am still getting the 2121 error within Flash CS4 as I debug the player or play the swf in live view within Dreamweaver, which in turn locks-up the Flash 10 player and crashes the program. I am having the mp3 player access the mp3 files from our web site as I test the fla.

    You mention in fix 2, “If you are using a local file make sure to target it correctly(i.e. c:\myFolder).” How do you do that? I assume you mean to use the Security.allowDomain method. I have tried doing that with the c drive but I get all kinds of scripting errors because I do not know how to code with AS3.

    Here is the debug message I am getting.

    Attemping to launch and connect to Player using URL C:\Web Site Files\Plank Productions afc\Plank Productions 2010\site\MP3_List_Player_AS3.swf

    [SWF] C:\Web Site Files\Plank Productions afc\Plank Productions 2010\site\MP3_List_Player_AS3.swf – 209827 bytes after decompression

    SecurityError: Error #2121: Security sandbox violation: Sound.id3: file:///C|/Web%20Site%20Files/Plank%20Productions%20afc/Plank%20Productions%202010/site/MP3%5FList%5FPlayer%5FAS3.swf cannot access . This may be worked around by calling Security.allowDomain.

    at flash.media::Sound/get id3()

    at com.afcomponents.mp3player::MP3Player/get id3()

    at com.afcomponents.mp3player::MP3Player/handleBuffering()

    How do you target the local c drive to work properly?

    Thank you for any help.

  47. Yannick said,

    March 9, 2010 at 11:31 am

    You can get rid of this error by going to ‘Project’ -> ‘Properties’ -> ‘Flex Build Path’ -> ‘Library Path’ and change the framework linkage to ‘Merged into code’


Leave a Comment