How to bypass flash crossdomain security

Question

How can I disable crossdomain.xml check when the executing swf has been loaded on localhost?

Error #2044: Unhandled SecurityErrorEvent:. text=Error #2048: Security sandbox violation: http://localhost:2541/xxx.swf cannot load data from http://www.com/xxx.swf.

I want to assign full trust to the HTML5 web application running locally. I want to disable any crossdomain checks.

Why? Some external servers do not provide crossdomain.xml for their hosted SWF files. I am running locally. I want to have full trust for debugging purposes.

How do I do that?

I will not consider AIR as it cannot be used from HTML5 application.

Adding the url "http://localhost:2541/xxx.swf" to "C:\Users\Arvo\AppData\Roaming\Macromedia\Flash Player#Security\FlashPlayerTrust\u.cfg" did not help.

Ref:

1. http://www.abdulqabiz.com/blog/archives/2007/03/20/flash-player-trust-flashplayertrust-on-gnulinux/

2. Running a SWF from file:/// without having the user change their Flash Player security settings

Answer 1

Use the local server to proxy the remote address. Say you want to connect to:

http://someserver.com/whatever

then make a call to:

http://localhost/proxy/someserver.com/whatever

and have the local server application make the actual remote call and proxy the response.

Answer 2

If you are previewing the swf in Flash, there is no crossdomain restriction. If you're actually viewing it in your browser, though (eg, local webserver), it's restricted just like anything else. You'd have to place the crossdomain.xml file on the other site, or have a policy server listening on port 843 with a master policy.

Answer 3

I believe you need to add your local path of the file to the .cfg file, not the path you are using to access it. So you would put /location/of/xxx.swf to your .cfg instead of http://localhost:2541/xxx.swf