1 Reply Latest reply on Sep 15, 2009 11:10 AM by esroberts

    2048 security sandbox violation with RestHttpService library



      I have a Flex 3.2 app running on port 8080 in a servlet.  The app uses the Flex HttpService to do REST GET calls and the RestHttpService library to make POST, PUT, and DELETE calls to a REST service running on port 8082.  Periodically the app will throw Error #2048: Security sandbox violation


      Both services are running on the same host (localhost).  I have a crossdomain.xml file accessible at http://localhost:8082/crossdomain.xml.  with the contents:


      <?xml version="1.0"?>

      <!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">


          <site-control permitted-cross-domain-policies="master-only"/>

          <allow-access-from domain="*" to-ports="*" />

          <allow-http-request-headers-from domain="*" headers="*"/>



      That doesn't make the error go away.  It seems the security of the Flash player has been increased as of v9,0,124,0 and now it requires a policy service running as a socket server to serve up the crossdomain.xml file.  I followed the instructions here for setting up a policy service with the same contents as the crossdomain.xml above.  When the policy service is running the number of 2048 errors decreases but I still get them periodically when using the Flex app.  Most of the posts on this forum related to the security sandbox violation seem to be fixed when the policy service is running.  What could cause my app to still experience the errors while the policy service is running?  When using Flex with REST is this the preferred way to do it or are there other alternatives?  Is anyone using Flex + REST in a production app successfully? The Perl/Python policy service described in the instructions is for testing purposes only.  Does Adobe have plans for a production version of the service?