2 Replies Latest reply on Aug 27, 2008 7:26 AM by wkolcz

    Cross Domain Policy

    wkolcz Level 1
      I work with 2 server domains at the university. I have www.med.umich.edu and www2.med.umich.edu. I am creating a RSS Reader that will reside on the the www. and httprequest to the www2. I am a lot hazy on how to allow only the www access to the XML file on the www2

      I see the 'allow-access-from domain' attribute (set to all now). Looking at Adobe security examples, they modified it the say *.example.com' but also the added port addresses. I just want to make sure that all the med.umich.edu servers can access this XML file. How can I change it to allow it. OR can I change the wildcard to '*.med.umich.edu" and not have to put in the port addresses?

      My IT dept is going to grill me on this before that put this in the root of the www2 server, so I want all the info I can get. Thanks.

      <?xml version="1.0"?>
      <!DOCTYPE cross-domain-policy SYSTEM
      " http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

      <site-control permitted-cross-domain-policies="master-only"/>
      <allow-access-from domain="*"/>
      <allow-http-request-headers-from domain="*" headers="SOAPAction"/>
        • 1. Re: Cross Domain Policy

          cant you use webservice instead of an Httpservice. I had the same problem with httpservice, was having cross domain access problems. I switched to using a webservice and it seems to be working now, at least i can get using the operations specified in the wsdl file.
          See if that sorts your problem, Are you accessing a wsdl file?
          • 2. Re: Cross Domain Policy
            wkolcz Level 1
            I would like to use a wsdl instead, but we're running Blue Disaster (I mean Dragon) and it doesn't seem to autogenerate wsdl's off of my CFCs. Also my IT department is scared to set me up with a web service.

            I did added a simple crossdomain.xml file to my site.

            <site-control permitted-cross-domain-policies="master-only" />
            <allow-access-from domain="www.med.umich.edu" secure="true" />
            <allow-access-from domain="www2.med.umich.edu" secure="true" />
            <allow-http-request-headers-from domain="www.med.umich.edu" headers="SOAPAction" secure="true" />

            But still getting an error:

            [RPC Fault faultString="Security error accessing url" faultCode="Channel.Security.Error" faultDetail="Destination: DefaultHTTP"]

            I am 90% sure that I am putting into the root of one of our folders (PRMC) which should be a root


            The Flex app is located on the www.med.umich.edu

            Anything I am missing?