Crossdomain.xml file not being called by the SWF

Level 1

Hi,

I'm serving an SWF file compiled using Flex Builder 3.2 through plain HTTP. The SWF file calls a service in the same domain through HTTPS; as such, I put the following file in the root directory of my web server:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
    <allow-access-from domain="*" secure="false" />
</cross-domain-policy>

and named it crossdomain.xml.

When the service is invoked, I get the following error: [RPC Fault faultString="Security error accessing url" faultCode="Channel.Security.Error" faultDetail="Destination: DefaultHTTP"]

When I check the access log files of my web server (Apache), there's no entry for crossdomain.xml (it is not being requested). Why?

When I serve the SWF through HTTPS it works OK ... any ideas?

I have tried on several machines (different browsers, different versions of Flash Player) with no success.

5 Replies

Level 1

I am also experiencing the exact same problem. I'm not able to change the crossdomain.xml file located in the root directory and am going to try creating a new policy file in a subdirectory. The problem I'm having is that my web service is called from a virtual path and I do not know where to save this new policy file.

Have you tried to load in a specific policy file?

Security.loadPolicyFile( "http://yourdomain.com/policyFile.xml" );

Also, you may want to check which sandbox your SWF file is in: flash.system.Security.sandboxType. This could be another cause of the error. My SWF file is in the "remote" sandbox.

Level 1

We don't have the same problem: I can access and edit the crossdomain.xml - the problem is that my Flex files are ignoring it....

You can use the Security.loadPolicyFile method to overcome your problem as you do not have access to the root directory of the web server...

And by the way flash.system.Security.sandboxType is read-only....

I don't know what to do... it seems to me that it is a bug in this version of the Flex SDK (3,2)

Level 1

I came across a possible fix to this problem.  I have not been able to verify the solution yet because I'm waiting for some servers to go through a scheduled re-boot.  It appears that Flash versions 9.0.124 and newer are handling web services differently.  Adobe made some changes to the security sandbox and there are new options to add to the crossdomain.xml.

You basically cannot make SOAP calls outside the domain where the swf is hosted, without adding the following to the crossdomain.xml policy file:


<allow-http-request-headers-from domain="www.example.com" headers="SOAPAction"/>

You may also need to add in the secure="false" to the xml node as well.  Hope this helps.
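
An added example, not part of any post in this thread: a small Python audit of a crossdomain.xml policy that flags the settings discussed above, namely domain="*" and secure="false" on allow-access-from (the first post's file) and a wildcard headers list on allow-http-request-headers-from. The sample policy is constructed from the thread's snippets, and the function name and finding labels are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the policy from the first post plus the header rule
# suggested later in the thread (DOCTYPE line omitted).
SAMPLE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
    <allow-access-from domain="*" secure="false" />
    <allow-http-request-headers-from domain="www.example.com" headers="SOAPAction"/>
</cross-domain-policy>"""

RULE_TAGS = ("allow-access-from", "allow-http-request-headers-from")


def audit_policy(xml_text):
    """Return (tag, domain, finding) tuples for permissive rules (labels are hypothetical)."""
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain policy file")
    findings = []
    for rule in root.iter():
        if rule.tag not in RULE_TAGS:
            continue
        domain = rule.get("domain", "")
        # secure defaults to "true": HTTPS content is then only granted to
        # SWFs that were themselves loaded over HTTPS.
        insecure_ok = rule.get("secure", "true").strip().lower() == "false"
        if domain == "*":
            findings.append((rule.tag, domain, "wildcard-domain"))
        elif domain.startswith("*."):
            findings.append((rule.tag, domain, "wildcard-subdomain"))
        if insecure_ok:
            findings.append((rule.tag, domain, "http-to-https-allowed"))
        if (rule.tag == "allow-http-request-headers-from"
                and rule.get("headers", "").strip() == "*"):
            findings.append((rule.tag, domain, "wildcard-headers"))
    return findings


if __name__ == "__main__":
    for tag, domain, finding in audit_policy(SAMPLE_POLICY):
        print(f'{finding:24} <{tag} domain="{domain}">')
```
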

Level 1

That's another problem I have! Flex doesn't seem to be adding any headers to the HTTP message, so I resorted to adding the allow-http-request-headers-from tag to the XML file; however, it didn't work! Why? Because, as I mentioned in the first post, the crossdomain.xml is not being requested at any moment... it's ignored!!!! why??????

I did some research but didn't find much...

Level 1

I'm having the same freaking problem.

I have a Flash app on my domainX that requests stuff from serverY, and then I get the wonderful "permissions denied can't call method location.toString".

I have a working crossdomain.xml file and when I tail -f access.log I don't see any request to this file.

I even tried to force it using the loadPolicyFile directive; it doesn't work.

Someone please, save us from this!

Thanks