How to bypass flash crossdomain security
-
28-09-2019 - |
Question
How can I disable crossdomain.xml check when the executing swf has been loaded on localhost?
Error #2044: Unhandled SecurityErrorEvent:. text=Error #2048: Security sandbox violation: http://localhost:2541/xxx.swf cannot load data from http://www.com/xxx.swf.
I want to assign full trust to the HTML5 web application running locally. I want to disable any crossdomain checks.
Why? Some external servers do not provide crossdomain.xml for their hosted SWF files. I am running locally. I want to have full trust for debugging purposes.
How do I do that?
I will not consider AIR as it cannot be used from HTML5 application.
Adding the url "http://localhost:2541/xxx.swf" to "C:\Users\Arvo\AppData\Roaming\Macromedia\Flash Player#Security\FlashPlayerTrust\u.cfg" did not help.
Ref:
Solution
Use the local server to proxy the remote address. Say you want to connect to:
http://someserver.com/whatever
then make a call to:
http://localhost/proxy/someserver.com/whatever
and have the local server application make the actual remote call and proxy the response.
OTHER TIPS
If you are previewing the swf in Flash, there is no crossdomain restriction. If you're actually viewing it in your browser, though (eg, local webserver), it's restricted just like anything else. You'd have to place the crossdomain.xml file on the other site, or have a policy server listening on port 843 with a master policy.
I believe you need to add your local path of the file to the .cfg
file, not the path you are using to access it. So you would put /location/of/xxx.swf
to your .cfg
instead of http://localhost:2541/xxx.swf