7 Replies Latest reply on May 16, 2008 11:22 AM by arnoldchang

    Will cross domain policy file work with http->https

    arnoldchang Level 1
      I received the following error "Security error accessing url" although I have already placed the policy file on the server that hosts the service. Is it because that my Flex's site uses HTTP and the data server uses HTTPS. Is there a way to work around this issue. Thanks!
        • 1. Will cross domain policy file work with http->https
          m_law
          I have the same problem.

          My flex application is loaded over HTTP and want to connect to a web service through HTTPS. I added secure="false" in the crossdomain.xml file on the server. But I still get the following error:

          RPC Fault faultString="Security error accessing url"
          faultCode="Channel.Security.Error" faultDetail="Unable to load WSDL.
          If currently online, please verify the URI and/or format of the WSDL
          (https://.....wsdl)"]
          • 2. Re: Will cross domain policy file work with http->https
            arnoldchang Level 1
            quote:

            Originally posted by: m_law
            I have the same problem.

            My flex application is loaded over HTTP and want to connect to a web service through HTTPS. I added secure="false" in the crossdomain.xml file on the server. But I still get the following error:

            RPC Fault faultString="Security error accessing url"
            faultCode="Channel.Security.Error" faultDetail="Unable to load WSDL.
            If currently online, please verify the URI and/or format of the WSDL
            (https://.....wsdl)"]


            That's exactly the error I received. You did raise another option for me to try. I'll try to add secure="false" to see if it works. Sound like this should do the trick...
            • 3. Re: Will cross domain policy file work with http->https
              arnoldchang Level 1
              Okay, I got it working with the cross domain policy file but it only works when I browse on Window PCs. I try to run on two different Macs and receive the following error "Security error accessing url" from event.fault.faultString in mx:HTTPService. They are all running most recent Flash players. Is there a bug in the Mac version, I wonder?
              • 4. Re: Will cross domain policy file work with http->https
                arnoldchang Level 1
                As always, answer to my own question. Not a platform specific issue but with Adobe's recent patch.... Sound like I need to add a socket policy file...

                Secuirty Update
                • 5. Re: Will cross domain policy file work with http->https
                  arnoldchang Level 1
                  What's wrong with Flex? This is ridiculous that one has to setup so much stuff on a web service's server in order to run Flex application. It is not like I own the web-service server nor its system administrator will allow one to run a socket policy file server at will. It doesnt sound like a feasible solution to me....
                  • 6. Will cross domain policy file work with http->https
                    kcell Level 2
                    Hi arnoldchang,

                    first of all , I totally agree with you that the crossdomain.xml thing is anoying.

                    I don´t think that you have to use a socket policy file if you want to connect to a webservice, but you might have to modify the crossdomain.xml.

                    Please give a look to this LINK

                    or for german users (this LINK )

                    an example of a modifed crossdomain.xml looks like this:

                    <cross-domain-policy>
                    <allow-http-request-headers-from domain="*" headers="SOAPAction"/>
                    <allow-access-from domain="*"/>
                    </cross-domain-policy>

                    best regards,
                    kcell
                    • 7. Re: Will cross domain policy file work with http-&gt;https
                      arnoldchang Level 1
                      Thanks kcell!

                      I do try <allow-http-request-headers-from> before but it doesn't work. I re-visit the topic for this tag again and realize I need to place secure="false" in this tag as well since I am sending thru HTTP->HTTPS.

                      Everything is now working and no socket policy file server is required. It's confusing just by reading the doc.