Okay I've reduced the code to a very simple test case. Please
have a look at it below (ignore the lengthy XML and headers - I
know that they are correct).
If I run this code locally, everything work and I get the
"successful" message, however if I run it in a browser, I always
get the "security error" message with an error code #2048 (which is
undocumented). This is the crossdomain.xml file from eBay, which I
believe should allow any request:
"Each <allow-access-from> tag also has the optional
secure attribute, which
defaults to true. You can set the attribute to false if your
policy file is
on an HTTPS server, and you want to allow SWF files on a
non-HTTPS server to
load data from the HTTPS server."
I've found that (at least with flash 9,0,115,0) that you have
to make sure all your file/url queries are absolute paths also. Not
a help in your case perhaps, but may help some other stuck people
(like I was earlier on).