actionscript-3apache-flexgoogle-app-engineflex4.5box-api

Security sandbox violation cannot load data from box.net


I have an application which upload/download files to/from box.net. the application works fine when not deployed on server but when I deploy it on Google App Engine the following error is encountered.

Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://somexyz.appspot.com/xyzsample.swf cannot load data from http://box.net/api/1.0/download/abcdef/123456.

I have included the below lines of code in as3

Security.allowDomain("*");

and placed crossdomain.xml in app root folder (Google App Engine) and can access the file using somexyz.appspot.com/crossdomain.xml

crossdomain.xml contains the below lines

<?xml version="1.0"?> 

<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd"> 

<cross-domain-policy>

   <site-control permitted-cross-domain-policies="all"/>

   <allow-access-from domain="*" to-ports="*"/>

   <allow-http-request-headers-from domain="*" headers="*"/>

   <allow-http-request-headers-from domain="*"/>

</cross-domain-policy>

I am also getting the same issue when I tried using tomcat.


Solution

  • If you are loading from box.net, you need to check the http://box.net/crossdomain.xml

    and there you can read following:

    <!--
    Box has recently changed its crossdomain policy for API calls made from Flash.
    To continue using Box API, please add the following line to the code of your Flash
    application:
    - AS2: System.security.loadPolicyFile("http://www.box.net/api/crossdomain.xml");
    - AS3: Security.loadPolicyFile("http://www.box.net/api/crossdomain.xml");
    -->
    

    UPDATE

    Please be sure that you are adding it corectly:

    Security.loadPolicyFile("http://www.box.net/api/crossdomain.xml")
    

    And when loading:

    *.load('http://www.box.net/api/1.0/download/abcdef/123456');
    

    so that the path to the server would be the same: http://www.box.net/

    For flash the http://www.box.net/ and http://box.net/ are 2 different domain names.