08.31.07
Flash CS3 / Flex 2 AS3 Error #2148
ActionScript Error #2148:
SecurityError: Error #2148: SWF file file:///C:/Documents and Settings/UserProfile/Desktop/flexstore/bin-release/flexstore.swf cannot access local resource myFile.swf. Only local-with-filesystem and trusted local SWF files may access local resources.
Description:
ActionScript Error #2148 can be caused by a number of reasons. If you are using Flex please keep in mind that the bin directory is a special directory that the Flash player allows SWFs ( and other files ) to load from as long as the file is stored in this directory. It will also allow a loaded swf to access network resources (a remote HTTPService call for example). If these files are placed anywhere besides the bin directory, the Flash Player prevents the file from accessing any external resources. You can allow for external access by changing the settings within the FlashPlayer or within Flex. These solutions are listed below
Fix 1 :
If you're loading in XML or other files from a remote sever that isn't hosting the SWF too, make sure you create a crossdomain.xml policy, and put it on the root of your webserver. If you haven't heard about a cross domain policy or need help creating a crossdomain.xml file click the link and I will show you how to create a crossdomain.xml file. View my tutorial on How to Create a crossdomain.xml file and visit the links on the bottom of the page to learn more.
XML Code:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policySYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.curtismorley.com" />
<allow-access-from domain="curtismorley.com" />
</cross-domain-policy>
Fix 2:
Within ActionScript you are now able to specify the cross domain access from within the code. I won't get into the guts of this one but if you want to learn more view the Flash / Flex documentation or Adobe LiveDocs - Security Chapter or get Joey Lott's book ActionScript 3 Cookbook By adding this code you will get rid of ActionScript Error #2148 If you are using https:// you will need to use allowInsecureDomain() as shown below. If you are using a local file make sure to target it correctly(i.e. c:\myFolder).
ActionScript Code:
flash.system.Security.allowDomain("http://www.curtismorley.com");flash.system.Security.allowInsecureDomain("http://www.curtismorley.com");
Fix 3:
One hack to get rid of ActionScript Error 2148 is to add these arguments to the compiler (via Properties - Flex Compiler) : -use-network=false . Beware though this will effectively change your cross-domain security.
Good Code:
-use-network=false
Fix 4:
Make sure your Global Security Settings in Flash Player allows local access to the directory your SWF/XML is running from. At the Global Security Settings in Flash Player click on Edit locations >> Add location and then either type in the new location your SWF is at (i.e. c:\myFolder) or browse for the file or folder. Shut down Flash/ Flex and all instances of the Flash Player(including browsers), and then try again. This will eliminate this ActionScript Error #2148. This solution only works for you on your computer. If you cahnge computers or change locations on the web please refer back to Fix 1.
And now you know 2 ways to fix and 2 ways to circumvent ActionScript Error #2418: Security Error
Happy Flashing
Bernardinho said,
September 4, 2007 at 12:58 am
Hi,
I’m having troubles accessing my xml files remotely. I always get this error message when I try to load the xml.
Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://users.tpg.com.au/omitted/postagecalculator.swf cannot load data from http://members.optusnet.com.au/omitted/3000.xml.
at postagecalculator_fla::MainTimeline/postagecalculator_fla::frame1()
I’ve tried creating the crossdomain.xml (although I can’t add it to the root of my domain because I essentially have a directory in a domain).
I’ve tried the hard-coded flash.system.Security.allowInsecureDomain.
Is there anything else I can do?
Does the crossdomain file have to live in the root or can i put it in the same dir as my swf file?
Thanks in advanced.
Curtis J. Morley said,
September 8, 2007 at 5:52 am
It does need to be on the root. This is a very important aspect of the cross domain file. If you don’t have direct access then you will want to call your hosting company and have them help you put it on the root.
links for 2007-10-20 « M@’s Blog said,
October 20, 2007 at 2:25 am
[...] curtismorley.com ยป Flash CS3 / Flex 2 AS3 Error #2148 A clear description and solution to my nemisis: the flash #2418 Security Error (tags: flex flash development) [...]
Eirehotspur said,
October 21, 2007 at 1:55 am
Your fix won’t work…..as in fix 4.
I am using Flash CS3 and getting the Flash CS3 AS3 Error #2148error having done what you said and shutting down the laptop and starting again.
Getting that error on a preview of my swf with video on my page from my server.
Curtis J. Morley said,
October 23, 2007 at 10:22 pm
Eirehotspur,
I would love to help. Where is the video hosted? Is this video on the same server and in the same domain as the SWF? This may be the problem. If you give me more detail I am sure that we can resolve the issue.
Thanks,
Curtis
siti said,
December 17, 2007 at 3:18 am
Hye all,
First of all I got this video file name final.vob. I have converted it to .flv file using allok flv converter (trial version). I want to put this video on DNN(DotNetNuke). In order to do so, I have to import final.flv to Flash CS3 by clicking File>>Import>>Import. Then I have to completed the Import Video Wizard. rite.
I have tested the movie (Control>>Test Movie). It works. To make it available online, I have changed the Component Inspector source address and changed the skin to Custom skin URL. I’ve uploaded final.flv, ABI.swf and SkinOverAllNoVolNoCaptionNoFull.swf.
The problem is it unable to play the video. And the error message is:
SecurityError: Error #2148: SWF file http://www.ism.net.my/Portals/0/ABI.swf cannot access local resource D:\DNN 3.3.7\Portals\final.flv. Only local-with-filesystem and trusted local SWF files may access local resources.
at flash.net::NetStream/play()
at fl.video::VideoPlayer/http://www.adobe.com/2007/flash/flvplayback/internal::_play()
at fl.video::VideoPlayer/http://www.adobe.com/2007/flash/flvplayback/internal::_setUpStream()
at fl.video::VideoPlayer/http://www.adobe.com/2007/flash/flvplayback/internal::_load()
at fl.video::VideoPlayer/load()
at fl.video::FLVPlayback/::doContentPathConnect()
Please advice me how to solve this problem.
Thanks.
Curtis J. Morley said,
December 18, 2007 at 5:15 pm
Siti,
From your description it sounds like you need a crossdomain policy file or else you need to use the
Security.allowDomain(”www.somedomain.com”)
or
Security.allowDomain(”*”)
in order to get your file to load. If you are loading a Flash file into Flex, try putting in the previous line of code into each file, the Flash and the Flex.
The file will work fine in the Flash/Flex authoring environment because it does not have the same security sandbox as the Flash player.
Try fix #1 and #2 above and you should be fine. If that still doesn’t work then please write back and I am happy to help more.
John C. Bland II said,
January 7, 2008 at 11:42 pm
Curtis, just heads up. Above you stated the crossdomain.xml HAS to be on the root. That is incorrect as of the latest release (not sure which release you mean). You can place the file in any subdirectory you want and the crossdomain.xml will pertain to that directory and subdirectories to that directory (think of it as treating that directory as “root” for this cross-domain policy).
As for Fix #3, tried it and it doesn’t work.
As for Fix #2, that pertains to my swf being loaded and accessed (ie - myloadedswf.someFunction()) by the loading swf. See LiveDocs: http://livedocs.adobe.com/labs/flex3/langref/flash/system/Security.html#allowDomain().
Hopefully posting that URL doesn’t ding this comment as spam.
John C. Bland II said,
January 7, 2008 at 11:43 pm
BTW, read this article to see what I mean by the first paragraph above: http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_02.html.
LONG FAUCET said,
February 15, 2008 at 7:36 pm
Thank you. The flex compiler argument worked beautifully.
Lee-Anthony said,
February 18, 2008 at 8:31 pm
Cheers dude
Fix 3 worked a treat
Vikana :o)
Curtis J. Morley said,
February 19, 2008 at 8:36 am
Lee,
Glad it helped.
Curtis
Sam said,
March 9, 2008 at 6:24 pm
Thanks Curtis, fix 3 works fine
I just had to figure out where to add the extra property ‘-use-network=false’. In Flex 3, it’s in Project/Properties/Flex Compiler/Additional Compiler argument.
After the adding, the text field contains :
-locale en_US -use-network=false
No need to separate the extra properties with a semicolon as I did at first.
Take care
Curtis J. Morley said,
March 12, 2008 at 3:31 pm
Sam,
Great thing to point out. I am glad that fix 3 solved your issue with AS3 Error 2148.
Curtis J
Cross domain access ActionScript Error 2148 | Decodedbits [dot] com said,
March 22, 2008 at 5:11 am
[...] More info [...]
Cross domain access ActionScript Error 2148 « Decodedbits’s said,
April 1, 2008 at 12:16 am
[...] More info Posted by decodedb Filed in Tech_Stuff [...]
Rohit said,
April 13, 2008 at 12:11 am
Regarding the Error 2148. I was getting the similar error.
The problem with the -locale en_US -use-network=false is that it will prevent the access of remote resources since the network wont be considered. I myself did some experiments and found that a better approach is to go to
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04.html
This will show open up a webpage that displays the current security settings. Make sure that the setting is Always Allow.
Restart the Browser and the Flex 3 IDE.
The error should be gone.
Baskaran S said,
April 17, 2008 at 5:39 am
Hi all,
I got the error 2048 when i try to load a .txt file from remote server.
I am using Flash CS3 IDE.
I used URLLoader to load the txt file.
I tried to put the cross domain policy file, allowDomain(”*”), but
nothing is worked.
pls help me anyone to get rid of 2048.
Thanks in advance.
Baskaran S
Chris said,
May 22, 2008 at 7:36 am
Can someone please tell me what code I would put in to simply open a text file in a local directory please?
Curtis J. Morley said,
May 22, 2008 at 7:42 am
Chris,
A text file works great to load simple name-value pairs into Flash. Another thing you might want to consider is loading an XML file. Either way I will post a couple of tutorials on how to load a .txt file into Flash/Flex and how to load an .xml file into Flash/Flex. Look shortly for a tutorial on my site.
Thanks,
Curtis J. Morley
curtismorley.com » Search Engine Optimization Example said,
June 2, 2008 at 5:27 pm
[...] AS3 Error #2148 - #1,2,3 hit on Google [...]
Crisu said,
June 17, 2008 at 6:27 am
Please I need some help with this! The following error appears(AS3) when I try to load a xml file. I have tried everything with Security
Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: file:///home/jayc/webserver1/workspacetest/Test/bin-debug/Test.swf cannot load data from http://localhost/workspacetest/xmlfeed.xml.
at Test()[/home/jayc/webserver1/workspacetest/Test/Test.as:14]
Error: Request for resource at http://localhost/workspacetest/xmlfeed.xml by requestor from file:///home/jayc/webserver1/workspacetest/Test/bin-debug/Test.swf is denied due to lack of policy file permissions.
andreas04: close to attraction said,
June 29, 2008 at 10:57 pm
[...] More info [...]
Prabhu M said,
August 11, 2008 at 2:39 pm
solvved my problem
Using -use-network=false
dawid said,
August 13, 2008 at 4:41 pm
Thanks for Your WEBSITE i solved i problem with my crossdomain.xml
Assem said,
August 20, 2008 at 12:58 am
Hi,
I want to execute a php script using an SWF, the crossdomain.xml file must be putted in the server of the php file or of the SWF file ?
thanks.
Assem said,
August 20, 2008 at 1:00 am
Hi again, i forget to say that the php file domain is a https and i cannot use allowInsecureDomain().
Jorge Bucaran said,
August 24, 2008 at 7:13 pm
Thanks!
This is probably the most comprehensive guide to this *issue*.
I am digging this.
Scott Duncan said,
August 26, 2008 at 1:04 pm
I am getting a slightly different error #2048.
I have a flex client running on a non-secure (http) server. It is making HTTPService calls to Servlets on a secure (https) server. I have tried all types of variants in the crossdomain.xml file, but the error still persists:
Error #2048: Security sandbox violation: http://localhost:8081/MainShell.swf cannot load data from https://localhost:443/ReasonRequiredServlet
Note that this happens both locally and when deployed to a test server. Can flex make service calls from an http client to an https service?
My crossdomain.xml file is in the application root (http://localhost:8081/crossdomain.xml). Is it possible that flash is not picking up the file? How can I tell if it is not?
Assem said,
August 29, 2008 at 2:26 am
Scott, try this :
You have to add the “secure” attribute and to set it to “false” because if you don’t do that, this attribute will get true value by default,
Hope this help.
Assem said,
August 29, 2008 at 2:27 am
<?xml version=”1.0″?>
<cross-domain-policy>
<allow-access-from domain=”*” secure=”false”/>
</cross-domain-policy>
Assem said,
August 29, 2008 at 2:29 am
allow-access-from domain=”*” secure=”false”
<?xml version="1.0?>
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-domain-policy>
Assem said,
August 29, 2008 at 2:30 am
Sorry for those messages, but I tried to put an XML code and each it’s not displayed !!