SecurityError: Error #2060: Security sandbox violation: ExternalInterface caller

SecurityError: Error #2060: Security sandbox violation: ExternalInterface caller file:///C:/Documents and Settings/Judah/My Documents/Flex Builder 3/project/bin/project.swf cannot access file:///C:/Documents and Settings/Judah/My Documents/Flex Builder 3/project/bin/frame1.html.

There are a few reasons for this error that counts as stepping outside of the Flash Player sandbox. One is when the path contains spaces. There are also times when your project will only work on the server or a server (localhost or remote). There are also issues with the browser that you run it in for example, (Firefox vs Internet Explorer). In my case it wouldn’t work because of the spaces in the filename.

Note: Do not use the default workspace in Flex Builder or Eclipse. The default path points to a location in your “My Documents” directory which contains spaces in the path. Set the default workspace to something without spaces, such as “C:\projects\” instead of the default which is, “C:/Documents and Settings/Judah/My Documents/Flex Builder 3/”.

Switching Workspaces
You can do this by choosing File > Switch Workspace > Other and point it to a new directory.

After I switched to my normal workspace in “C:\projects\flex\” the error went away and the problem was fixed.

Copying these files up to your server or your local host may also fix your issue.

Previewing in http://localhost instead of file://
You can view these files on localhost instead of the file system by changing the following,

1. Start your local host (use a package like XAMPP)
2. In Flex Builder right click on the root project folder and select properties. This will open the project Properties window.
3. Select Flex Build Path and in the output folder choose a directory on your localhost. For example, “C:\XAMPP\xampp\htdocs” or “C:\XAMPP\xampp\htdocs\myproject”
4. In the Output folder URL enter the URL to the output folder. For example, “http://localhost/” or “http://localhost/myproject”

Now when you test your projects in Flex Builder they will be launched in the browser and served from the local host server, “http://localhost/” rather than the local file system “file://path/to/project/bin/myproject.html”.

Granting Privileges
Granting privileges to your project through the Global Security Settings
Go to the Global Security Settings panel at
and add your output folder of your application. This is the location entered in the Flex > Project > Properties > Flex Build Path > Output folder.

Please post in the comments your situation and if this has helped you or not.

This entry was posted in AIR, Errors, Flash, Flex. Bookmark the permalink.

17 Responses to SecurityError: Error #2060: Security sandbox violation: ExternalInterface caller

  1. Matt Schick says:

    As a note to those who come after:

    I was still getting the sandbox error even though I had no spaces in the path to the file. Putting the project on my local webserver solved the problem. (This is on OSX Leopard)

    A quick way to host a project in apache but not have to move the project is to add an Alias and Directory statement to your /etc/apache2/httpd.conf (this is for osx, your mileage may vary on other OSes).

    here’s what to add:

    Alias /my_project “/Users/username/path/to/my_project”

    Options Indexes MultiViews
    AllowOverride All
    Order allow,deny
    Allow from all

    Now if you point your browser to http://localhost/my_project you should get a directory listing of your project and you can open the .html file.

  2. Matt Schick says:

    rats! okay, it ate my carrots. Heres how the code for your httpd.conf should look:

    Alias /my_project “/Users/username/path/to/my_project”
    <Directory “/Users/username/path/to/my_project”>
    Options Indexes MultiViews
    AllowOverride All
    Order allow,deny
    Allow from all

  3. Gijo says:

    Thanks very much :)

  4. Derek Basch says:

    I was having endless hours of problems using file:// with the Flex AJAX Bridge.

    The AJAX code would fail silently during the SWF initialization callbacks to the AJAX code. I would then have null values for all of the SWF root elements.

    As soon as I installed a web server and started using http://localhost everything worked perfectly.

    Extreme time wastage :(

  5. TK says:

    Thanks to Judah and Matt for the extra info. I’ve been trying to work around the security error associated with ExternalInterface and stumbled upon this post. When the html test page is called through my local web server everything is fine but when the browser (ie) views the same page through local file system… well, you know.

  6. Vijay says:

    Hi Judah,
    Great solution.It works fine.Thanks


  7. evanmcd says:

    Thanks a bunch for this. Helped me understand why the heck I would get this sometimes and not others.

    – Evan

  8. Kuldip Jain says:

    I want to run flex component with file:// URL only, I can’t use Webserver. Can anyone please help in running same.

  9. Prasanna says:

    The later one worked fine. Thanks for the solution.

  10. igor says:

    thanks, you really helped me+)

  11. II says:

    If this fix doesn’t work and you just want to get the error to go away, check this out:

  12. Chris Black says:

    Thanks Judah! Very helpful post.

  13. angvz says:


    I’ve had endless problems with “Security sandbox violation”, and it all comes down to spaces in the workspace path?


  14. Pingback: Calling JavaScript function from Flex 4 web application - Flex Solutions - Developers Q & A

Leave a Reply

Your email address will not be published. Required fields are marked *

Wrap your code before posting! Click the links below: