1 Reply Latest reply on Apr 5, 2013 7:39 AM by koryfidis

    Flex WebService POST changes https to http


      Hi all,


      I have a Flex app which needs to connect to an https web service. The web service WSDL URL is given as wsdl-url.company.com where SSL-offloading is used.

      The Flex app resides at the same server the web service resides.


      The web service in defined in the mxml as


      <s:WebService id="webService" wsdl="https://wsdl-url.company.com/service.asmx?wsdl">


      The crossdomain.xml file at the server's root is


      <?xml version="1.0"?> 
      <!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd"> 
      <site-control permitted-cross-domain-policies="all"/> 
      <allow-access-from domain="*" to-ports="*" /> 
      <allow-http-request-headers-from domain="*" headers="*"/> 



      If the swf is loaded from the HTTPS address, crossdomain.xml will not be requested by the swf when the page loads (web service initializes), but when web service is called a POST to the http equivalent is attempted instead of https.

      i.e. using Firebug, I see that Flex is performing a POST to HTTP://wsdl-url.company.com/service.asmx, which should have been HTTPS. Why does Flex change this to http while declared as https?


      On the other hand, if the swf is loaded from HTTP at the same server, crossdomain.xml will be downloaded, but the Flash debugger will throw a “Channel.Security.Error” and the app crashes when the web service tries to initialize.


      Any help resolving this issue is highly appreciated.