3 Replies Latest reply on Sep 1, 2013 8:41 PM by Flex harUI

    crossdomain.xml hell


      Hi, all!


      I've been struggling with flash permissions and crossdomain.xml file 5 days already... Here is the situation I have:


      I've wrote flash application which records audio on one server and uploads it on another server. So, as you likely guessed, I faced that security sandbox violation exceptions/errors:


      Error #2044: Unhandled securityError:. text=Error #2170: Security sandbox violation: cannot send HTTP headers to


      I thought that adding the following crossdomain.xml:


      <?xml version="1.0"?>
      <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
          <site-control permitted-cross-domain-policies="all"/>    
          <allow-http-request-headers-from domain="*" headers="*" secure="true" />
          <allow-access-from domain="*" secure="true" />


      to the root of the server will do all the tricks (ha, how naive I was).

      Ok, I put it to the root of my server, but error didn't gone for some reason. I looked at the logs flash player produces and the following was stated there:


      Warning: Failed to load policy file from


      But, wait a moment, I can see this file via browser at exactly this address (though this is https and it asks me to accept certificate as usual).


      So could please somebody help me?

      That's the most frustrating thing I faced ever.


      Thanks you all for any help, it is much appreciated!

        • 1. Re: crossdomain.xml hell
          Flex harUI Adobe Employee

          It could be the fact that you have to accept the cert going over https.

          • 2. Re: crossdomain.xml hell
            mr_n0thing Level 1

            Hi, Flex HarUI,

            Could you, please, be more specific? Can I accept this certificate in the Flex or skip this check somehow (say, like addind "-k" parameter to curl request). I thought too that this can be the issue, but I didn't find any info about such cases anywhere.

            • 3. Re: crossdomain.xml hell
              Flex harUI Adobe Employee

              I don't think there is much intelligence in the FP's fetch of crossdomain.xml.  I'm no expert in this area, but I think if you fetch crossdomain.xml from the browser and it puts up a dialog about the certificate then the response from the server was probably not status==SUCCESS and at that point the FP will just give up.  You would need a legitimate certificate instead.  You should get one anyway so as not to annoy your users when you eventually deploy.