Home Tutorials Forums Articles Blogs Movies Library Employment Press

Go Back   ActionScript.org Forums > Supporting Technologies > Flash Remoting

Thread Tools Rating: Thread Rating: 1 votes, 5.00 average. Display Modes
Old 04-27-2009, 10:12 AM   #1
New Member
Join Date: Mar 2009
Posts: 27
Default security error accessing url altough permissive crossdomain.xml exists


this is driving me nuts... i've got a flex3 app that communicates with a soap webservice. The WS-client is generated by flex builder and all works fine in the local-trusted sandbox. But when the flex is deployed to a webserver a security error occurs when it's accessing the service. crossdomain.xml exists in the domain root and is loaded (see log below, it warns about https because i deactivated it to verify it's not a cert issue). But it still complains about a missing policy file directive.

What else needs to be done to access a webservice that runs on another domain?

crossdomain.xml (@ http://foo.bar.de/crossdomain.xml)
<?xml version="1.0"?>
	<allow-access-from domain="*" secure="false" to-ports="*"/>
flex builder debug log:
Warnung: Das 'secure'-Attribut in der Richtliniendatei von http://foo.bar.de/crossdomain.xml wird ignoriert. Das 'secure'-Attribut ist nur in HTTPS- und Socket-Richtliniendateien zulässig. Nähere Informationen finden Sie unter http://www.adobe.com/go/strict_policy_files_de

Warnung: Domäne foo.bar.de gibt keine Metarichtlinie an. Es wird die Standardrichtlinie "master-only" angewendet. Diese Konfiguration ist veraltet. Informationen zur Behebung dieses Problems finden Sie unter http://www.adobe.com/go/strict_policy_files_de.

Fehler: Anforderung der Ressource unter http://foo.bar.de/baz/ durch Kunden von http://www.otherdomain.de/path/to/flex.swf wird abgelehnt wegen nicht vorhandener Richtliniendateiberechtigungen.
*** Security Sandbox-Verletzung ***
Verbindung mit http://foo.bar.de/baz/ unterbrochen - nicht zulässig von http://www.otherdomain.de/path/to/flex.swf
'0931DFE2-97DA-B0A8-3FF0-E70338343847' producer acknowledge of 'C39DB60E-9476-0F58-9023-E7033844747F'.
'0931DFE2-97DA-B0A8-3FF0-E70338343847' producer fault for 'C39DB60E-9476-0F58-9023-E7033844747F'.
thanks in advance,

ps. if you know how to change the locale of the debug console to english, i'd aprechiate a hint too.
justme123 is offline   Reply With Quote
Old 04-28-2009, 09:15 AM   #2
New Member
Join Date: Mar 2009
Posts: 27

to answer my own question, i was missing
<allow-http-request-headers-from domain="*" headers="*"/>
in the policy file.

Enabling the policy file log as described here finally helped me to find this.
justme123 is offline   Reply With Quote

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Querying to see if file exists at target url andyHartzell ActionScript 2.0 4 03-04-2010 09:22 PM
What is the most permissive crossdomain.xml policy file? quinthar Flash 9 General Questions 7 12-16-2008 05:19 PM

All times are GMT. The time now is 11:49 AM.

Follow actionscriptorg on Twitter


Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Ad Management plugin by RedTyger
Copyright 2000-2013 ActionScript.org. All Rights Reserved.
Your use of this site is subject to our Privacy Policy and Terms of Use.