3 Replies Latest reply on Jul 31, 2009 10:33 AM by Gregory Lafrance

    Cross-domain Question


      I have been developing a Flex application for a while that uses HTTPService objects to GET XML from and POST XML to a remote web service.  Launching the application from my local machine, I have had no security problems.  However, I just ported the first instance of the app over to our server and I started getting security errors (faultString = 'Security error accessing url', faultDetail = 'Destination: DefaultHTTP').


      I'm pretty sure that this is a cross-domain issue, and I am communicating with those in charge of the server to get a security policy file added to the server root.  When I was communicating with them, however, I could not clearly explain why they on the server had to add a security policy file for what is primarily a client security concern.


      • Am I right that this is a cross-domain issue?
      • Why did I not have this error when I was launching the app from my file system?
      • Why is the server responsible for security policies rather than the client?