Unexpected Flash Security Exception When Using URLLoader

actionscript-3 file-upload securityexception urlrequest urlloader
Cameron picture Cameron · Aug 13, 2009 · Viewed 8.3k times · Source

What I am trying to accomplish is to upload some binary data, specifically a ByteArray representing a PNG image, to a server using the URLLoader class in conjunction with URLRequest.

When I set the contentType property of the URLRequest to 'multipart/form-data' instead of the default, the call to urlLoader.load() results in a security exception.

When I leave the contentType property as the default, it works fine, but takes a long time (proportional to the length of the PNG file) to upload the file to the server.

So, my question is WHY am I getting this security exception? And how can I avoid it?

Note that my SWF is being served up from a development server, not the local filesystem (the Google App Engine development server to be precise).

Here is the code:

var pngFile:ByteArray = PNGEncoder.encode(bitmapData);

var urlRequest:URLRequest = new URLRequest('/API/uploadImage');

// With this line of code, the call to urlLoader.load() throws the following security exception:
// 'SecurityError: Error #2176: Certain actions, such as those that display a pop-up window, may only be invoked upon user interaction, for example by a mouse click or button press.'
urlRequest.contentType = 'multipart/form-data';

urlRequest.method = URLRequestMethod.POST;
urlRequest.data = pngFile;
urlRequest.requestHeaders.push(new URLRequestHeader('Cache-Control', 'no-cache'));

urlLoader = new URLLoader();
urlLoader.dataFormat = URLLoaderDataFormat.TEXT;
urlLoader.addEventListener(Event.COMPLETE, onUploadComplete);
urlLoader.addEventListener(IOErrorEvent.IO_ERROR, onUploadError);

NextFrame.addCallback(function () {
    urlLoader.load(urlRequest);
});

Answer

evilpenguin picture evilpenguin · Aug 13, 2009

It could be possible that contentType does not refer to what data you send, but to what data you receive. Try to set the requestHeaders, that should work:

urlRequest.requestHeaders.push(new URLRequestHeader('Content-type', 'multipart/form-data'));

Also, I've found a piece of code where in one of my projects. The code works and sends some binary JPEG data to the server, using POST. I dit it some time ago and I can't explain why I did the things this way, but maybe it helps. I'm pasting it as is:

function sendData(submitPath:String, descriere:String):void {
    // building the url request for uploading the jpeg to the server
    var header:URLRequestHeader = new URLRequestHeader('Content-type', 'application/octet-stream');
    var jpgURLRequest:URLRequest = new URLRequest(submitPath+'/id/'+player.id+'/path/'+player.contentPath.replace('/','')+'/width/'+player.videoWidth+'/height/'+player.videoHeight+'/descriere/'+descriere+'/timp/'+time);
    jpgURLRequest.requestHeaders.push(header);
    jpgURLRequest.method = URLRequestMethod.POST;
    jpgURLRequest.data = screenShot;

    // sending the data to the server
    var sender:URLLoader = new URLLoader();
    sender.load(jpgURLRequest);
}

Related questions

What is the best way to get the minimum or maximum value from an Array of numbers?

Let's say I have an Array of numbers: [2,3,3,4,2,2,5,6,7,2] What is the best way to find the minimum or maximum value in that Array? Right now, to get the maximum, I am looping through the Array, and resetting a variable to …

Read More
Difference between e.target and e.currentTarget

I don't understand the difference, they both seem the same but I guess they are not. Any examples of when to use one or the other would be appreciated.

Read More
Call AngularJS from legacy code

I'm using AngularJS to build HTML controls that interact with a legacy Flex application. All callbacks from the Flex app must be attached to the DOM window. For example (in AS3) ExternalInterface.call("save", data); Will call window.save = function(…

Read More