Flash Builder 4 - Security error accessing url

Report · Feb 24, 2011

Hi,

I have built a FB4 application which accesses a .NET web service of a partner company. The app runs just fine in FB4 development environment, but won't work when published to my server. I can not figure out how to get past the following error: "Security error accessing url Destination: DefaultHTTP"

It is unlikely that I will get a crossdomain.xml file on their server, so I'm trying to get it to work using a proxy. The proxy.php is located in the same directory as the swf, and it works just fine if I use it directly in the browser. This is the proxy.php code:


<?php
$session = curl_init(trim(urldecode($_GET['url'])));                   // Open the Curl session
curl_setopt($session, CURLOPT_HEADER, false);          // Don't return HTTP headers
curl_setopt($session, CURLOPT_RETURNTRANSFER, true);   // Do return the contents of the call
$xml = curl_exec($session);                            // Make the call
header("Content-Type: text/xml");                  // Set the content type appropriately
echo $xml;        // Spit out the xml
curl_close($session); ?>

In my Flash Builder code, i'm using a Webservice object, and I have set the wsdl property to the following:

wsdl = http://mydomain.com/autoben/proxy2.php?url=http://staging.MypartnerCompany.net/api/v01_00/the...

Again, the app works fine when in the FB4 development enviroment, and this url returns the expected XML data when run directly

from the browser. When I run the published app from my server, this is the message I get back:

I have also tried running the published app in https from my server. i have changed the wsdl uri to the following, and get the same results ...

wsdl = https://mydomain.com/autoben/proxy2.php?url=https://staging.MypartnerCompany.net/api/v01_00/t...

I have worked for days on this, any help would be greatly appreciated. Thanks in advance

tom.

Report · Feb 25, 2011

Does the cross-domain.xml at the webservice server provide access to the domain you are publishing the SWF to?

Report · Feb 27, 2011

With .NET one generally needs a crossdomain.xml in the application root. If the webservice (wsdl) is in a subdirectory and it has it's own web.config it will generally need a crossdomain.xml file in the same directory as the webservice.

I use the term "generally" because server configurations vary, for my servers, I always need a crossdomain.xml file for any directory I want to expose a webservice from. For example if I have a webservice in a directory named stocks and the url is http://www.mysite.com/stocks/mywsdl.asmx I need a crossdomain.xml file in the stocks directory. Not the server root directory / for http://www.mysite.com

Many make the mistake with .NET and place the crossdomain or clientaccesspolicy files in the server root and think it will cover all webservices globally. In most cases it causes access violations.

The image below is of a live service in a sub directory svr. This is the structure I have to use when exposing webservices from .NET

Report · Mar 01, 2011

Hi, and thanks for the responses. Unfortunately I am still not able to get this working! I have now given up on the proxy solution, and have asked my partner company to put the following crossdomain.xml on their server:

<cross-domain-policy>
<allow-access-from domain="*" headers="*" secure="false"/>
</cross-domain-policy>

The application still gives me the same Security Error response. I am using charles for debugging. I've observed that the crossdomain.xml file is not loaded from their server unless i put loadPolicyFile("http://pathTo/crossdomain.xml"); in my code, and I'm still not sure if thats the best practice, or if the file should just be loaded automatically.

The crossdomain.xml file is in the directory where the SOAP service is being served from.

I'm still trying to solve this problem, and appreciate the help, and any further ideas i could try.

thanks in advance

Adobe Community

Flash Builder 4 - Security error accessing url