Hi,

Am I missing something here... I'm using Flex 3 with ColdFusion8 and LiveCycle ES (standalone developer setup).

I'm just experimenting with Flex really and I was trying to load an RSS feed from the bbc news website (http://newsrss.bbc.co.uk/rss/newsonline_uk_edition/front_page/rss.xml). For whatever reason it will not load the url!

It works fine if I set up a basic flex project (no server technology). But when I try to run the same code in the application server type as ColdFusion and LiveCycle Data Services selected it throws a security sandbox violation.

I find this strange since if I launch the swf's html file from my file system (i.e: C:\myApp\Main.html) it works but if i run it from the webserver (i.e: localhost:8500/myapp/Main.html).

What is the solution to this since I was just wanting to load a simple RSS feed didn't expect be such a problem! I want to keep it running on ColdFusion because I want this test app to talk to CF8 and SQL through the AMF protocol.

I thought about setting up a CFM proxy for the feed but just seemed a bit messy! Have tried the 'useProxy="true"' on the HTTPService tag but no luck. I thought LiveCycle was supposed to work as a proxy for this problem??

Any help appreciated, I am loving flex and just want to get round this problem now and carry on with my learning! :D

Flash Player restricts cross-domain communication, and newsrss.bbc.co.uk does not have an open crossdomain.xml. You need a server-side proxy.

I thought that might be the case but it was just odd that it worked when launched locally - outside of the webserver... guess it just the way flash player works.

What's the best way to set up this server-side proxy?

Thanks for your reply :)

Pete

it was just odd that it worked when launched locally - outside of the webserver... guess it just the way flash player works.

Yeah. Local content has fewer restrictions in this regard.

What's the best way to set up this server-side proxy?

You said you were using ColdFusion. I have no experience with it, unfortunately.

Yeah. Local content has fewer restrictions in this regard.

The reason it will work when executed locally because then the Flashplayer does not have any cookies to pass to the server. When you go to the server the request is sent alongside the cookies and cross-domain security kicks in.

Setting up proxy, i wont be able to help.

That makes more sense actually I just wanted to check I wasn't missing something!

Made a solution though pretty simple and is re-useable took 2 lines of code:

XMLProxy.cfm

<cfhttp url="#URL.feed#" method="Get" timeout="15" />
<cfoutput>#cfhttp.FileContent#</cfoutput>


Save that file in your projects root so it can be accessed without flash player getting upset, then in your HTTPService URL simply type:

XMLProxy.cfm?feed=*insert your feed location here*

example using BBC Business news RSS feed:

<mx:HTTPService url="XMLProxy.cfm?feed=newsrss.bbc.co.uk/rss/newsonline_uk_edition/business/rss.xml" />


So the .cfm file basically picks up the feeds url from the query string, the only thing I did notice however is that the XML files location MUST NOT have the http:// bit on it or Flash Player starts moaning again. You could concatenate this in the .cfm but it works fine without so I haven't bothered.

But there you have it for anyone else that gets into this situation a simple, reusable fix that should work for pretty much any XML file that is out of Flash Players security zone. :)

Thanks for the input as well guys helped confirm some of my thoughts!

The reason it will work when executed locally because then the Flashplayer does not have any cookies to pass to the server. When you go to the server the request is sent alongside the cookies and cross-domain security kicks in.

Setting up proxy, i wont be able to help.

That doesn't sound exactly right to me. Flash Player, not the server, enforces cross-domain security.

It is indeed enforced by Flash player, but Http cookies come into play. When you try to access a SWF file which is downloaded from Site 1, and try to make a call to the server (Site 2), the security would kick in and it would be a cross site scripting attack, which the client reports - in our case the Flash player.

hope this explanation is more crisp.

Thanks for the informative replies

It is indeed enforced by Flash player, but Http cookies come into play. When you try to access a SWF file which is downloaded from Site 1, and try to make a call to the server (Site 2), the security would kick in and it would be a cross site scripting attack, which the client reports - in our case the Flash player.

hope this explanation is more crisp.

You didn't actually explain how cookies come into play, though.