I am also experiencing the exact same problem. I'm not able to change the crossdomain.xml file located in the root directory and am going to try creating a new policy file in a sub directory. The problem I'm having is that my web service is called from a virtual path and I do not know where to save this new policy file.
Have you tried to load in a specific policy file?
Security.loadPolicyFile( "http://yourdomain.com/policyFile.xml" );
Also, you may want to check which sandbox your swf file is in. flash.system.Security.sandboxType. This could be another cause to the error. My swf file is in the "remote" sandbox.
We don't have the same problem: I can access and edit the crossdomain.xml -
the problem is that my Flex files are ignoring it....
You can use the Security.loadPolicyFile method to overcome your problem as
you do not have access to the root directory of the web server...
And by the way flash.system.Security.sandboxType is read-only....
I don't know what to do... it seems to me that it is a bug in this version
of the Flex SDK (3,2)
I came across a possible fix to this problem. I have not been able to verify the solution yet because I'm waiting for some servers to go through a scheduled re-boot. It appears that Flash versions 9.0.124 and newer are handling web services differently. Adobe made some changes to the security sandbox and there are new options to add to the crossdomain.xml.
You basically cannot make SOAP calls outside the domain where the swf is hosted, without adding the following to the crossdomain.xml policy file:
<allow-http-request-headers-from domain="www.example.com" headers="SOAPAction"/> You may also need to add in the secure="false" to the xml node as well. Hope this helps.
That's another problem I have! Flex doesn't seem to be adding any headers to
the HTTP message, so I resorted to add the allow-http-request-headers-from
tag to the XML file, however, it didn't work! why? Because as I mentioned in
the first post, the crossdomain.xml is not being requested at any moment...
it's ignored!!!! why??????
I did some research but found not much...
I'm having the same freaking problem.
I have a flash app on my domainX, that requests stuff from serverY and then I get the wonderful permissions denied can't call method location.toString.
I have a working crossdomain.xml file and when I tail -f access.log I don't see any request to this file.
I even tried to force it using the loadPolicyFile directive, it doesn't work.
Someone please, save us from this!