0 Replies Latest reply on Dec 18, 2008 6:37 PM by millerthegorilla

    cross domain scripting problem

    millerthegorilla
      sorry for the double post - can you remove this please?

      Hi - I'm having a problem with cross domain scripting. I've got an admin interface at www.admin.mydomain.com and it's trying to access a shim movie at www.mydomain.com. I've tried all possible permutations of crossdomain.xml and system.security.allowdomain. The swfs were authored in flash8 but I've just switched to flash10 and am publishing them for flash10 - the error messages when debugging are more complete. I'm using actionscript 2.
      I've had to put the crossdomain.xml on the root of the server and on the root of the subdomain (with permitted-cross-domain-policies = "all") otherwise the admin swf complains when the root crossdomain.xml tries to access it. I'm explicitly calling system.security.loadpolicyfile in both movies. I've tried setting system.security.allowdomain(_parent._url) in the shim movie and system.security.allowdomain(_shim_mc._url) in the admin swf (which is in the subdomain). This removed all of the sandbox error messages (eg
      *** Security Sandbox Violation ***
      SecurityDomain ' http://www.mydomain.com/shim.swf' tried to access incompatible context ' http://www.admin.mydomain.com/' )
      that I was getting when the shim loaded into the admin but whenever cross scripting occurs I get the same error messages. I don't believe it should be necessary to call system.security.allowdomain every time I cross-script, at least I've never read that anywhere and I've read a fair amount of tutorials, helpfiles, whitepapers etc to try and understand what is happening. Maybe I'm wrong - can anyone help? Below is my crossdomain.xml

      <?xml version="1.0"?>
      <!DOCTYPE cross-domain-policy SYSTEM
      " http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

      <cross-domain-policy>
      <site-control permitted-cross-domain-policies="all"/>
      <allow-access-from domain="*.mydomain.com" to-ports="80"/>
      <allow-access-from domain="*.admin.mydomain.com" to-ports="80"/>
      <allow-access-from domain="www.admin.mydomain.com" to-ports="*"/>
      <allow-access-from domain="www.mydomain.com" to-ports="*" />
      </cross-domain-policy>