Skip navigation
cpDev
cpDev Calculating status...
Currently Being Moderated

Why doesn't crossdomain.xml block my debugger?

Aug 2, 2012 10:35 PM

I deployed a cross domain policy file at sub1.mydomain.com that only allows access from sub2.mydomain.com. When I try to access sub1.mydomain.com from a SWF deployed at sub3.mydomain.com, sure enough, it doesn't work.

 

However, when I run a local SWF through my Flex bugger and try to access sub1.mydomain.com, there's no problem. It just works.

423 Views   3 Replies   Latest reply: Flex harUI, Aug 3, 2012 1:10 PM
 
Replies
  • Flex harUI
    Currently Being Moderated
    1. Flex harUI,
    Aug 2, 2012 10:53 PM   in reply to cpDev
    Report

    What domain is the SWF in the debugger using?  If it is using file:/// it has different security privileges.  You can change your project properties to deploy to and debug from a server.

     
    |
    Mark as:
  • cpDev
    Currently Being Moderated
    2. cpDev,
    Aug 2, 2012 11:28 PM   in reply to Flex harUI
    Report

    It's using file://. I just find it a bit strange that a local application can so easily bypass a remote location's cross domain policy and do things like hijack an existing session.

     
    |
    Mark as:
  • Flex harUI
    Currently Being Moderated
    3. Flex harUI,
    Aug 3, 2012 1:10 PM   in reply to cpDev
    Report

    When you run from file:// we use a special set of security rules (localTrusted sandbox) in order to simplify development setups for simple apps.  The theory is that, if you have downloaded a SWF to your computer and run it from the local file system, you are trusting it.

     
    |
    Mark as:
Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points