I have a Flex 3.2 app running on port 8080 in a servlet. The app uses the Flex HttpService to do REST GET calls and the RestHttpService library to make POST, PUT, and DELETE calls to a REST service running on port 8082. Periodically the app will throw Error #2048: Security sandbox violation.
Both services are running on the same host (localhost). I have a crossdomain.xml file accessible at http://localhost:8082/crossdomain.xml. with the contents:
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<allow-access-from domain="*" to-ports="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
That doesn't make the error go away. It seems the security of the Flash player has been increased as of v9,0,124,0 and now it requires a policy service running as a socket server to serve up the crossdomain.xml file. I followed the instructions here for setting up a policy service with the same contents as the crossdomain.xml above. When the policy service is running the number of 2048 errors decreases but I still get them periodically when using the Flex app. Most of the posts on this forum related to the security sandbox violation seem to be fixed when the policy service is running. What could cause my app to still experience the errors while the policy service is running? When using Flex with REST is this the preferred way to do it or are there other alternatives? Is anyone using Flex + REST in a production app successfully? The Perl/Python policy service described in the instructions is for testing purposes only. Does Adobe have plans for a production version of the service?
I've discovered that if I run the Perl policy server on port 843 with the following policy, the flex app works with Flash 9,0,124,0. It breaks with Flash 10,0,32,18. The behavior is now exactly like the behavior described in this post.