5 Replies Latest reply on Oct 1, 2009 4:07 PM by rsikoramelo

    Crossdomain.xml file not being called by the SWF




      I'm serving an swf file compiled using flex builder 3.2 through plain HTTP, the SWF file calls a service in the same domain through HTTPS, as such, I put the following file in the root directory of my web server:


      <?xml version="1.0"?>
      <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
          <allow-access-from domain="*" secure="false" />


      and name it crossdomain.xml


      When the service is invoked, I get the following error: [RPC Fault faultString="Security error accessing url" faultCode="Channel.Security.Error" faultDetail="Destination: DefaultHTTP"]


      When I check the access log files of my web server (Apache), there's no entry for crossdomain.xml (it is not being requested), why?


      When I serve the SWF through HTTPs it works OK ... any ideas?


      I have tried in several machines (different browsers, different versions of Flash player) and no success.

        • 1. Re: Crossdomain.xml file not being called by the SWF

          I am also experiencing the exact same problem.  I'm not able to change the crossdomain.xml file located in the root directory and am going to try creating a new policy file in a sub directory.  The problem I'm having is that my web service is called from a virtual path and I do not know where to save this new policy file.


          Have you tried to load in a specific policy file?

          Security.loadPolicyFile( "http://yourdomain.com/policyFile.xml" );


          Also, you may want to check which sandbox your swf file is in.  flash.system.Security.sandboxType.  This could be another cause to the error.  My swf file is in the "remote" sandbox.

          • 2. Re: Crossdomain.xml file not being called by the SWF
            jgomer2001 Level 1

            We don't have the same problem: I can access and edit the crossdomain.xml -

            the problem is that my Flex files are ignoring it....

            You can use the  Security.loadPolicyFile method to overcome your problem as

            you do not have access to the root directory of the web server...

            And by the way flash.system.Security.sandboxType is read-only....

            I don't know what to do... it seems to me that it is a bug in this version

            of the Flex SDK (3,2)

            • 3. Re: Crossdomain.xml file not being called by the SWF
              ccChucker Level 1

              I came across a possible fix to this problem.  I have not been able to verify the solution yet because I'm waiting for some servers to go through a scheduled re-boot.  It appears that Flash versions 9.0.124 and newer are handling web services differently.  Adobe made some changes to the security sandbox and there are new options to add to the crossdomain.xml.


              You basically cannot make SOAP calls outside the domain where the swf is hosted, without adding the following to the crossdomain.xml policy file:

              <allow-http-request-headers-from domain="www.example.com" headers="SOAPAction"/>
              You may also need to add in the secure="false" to the xml node as well.  Hope this helps.

              • 4. Re: Crossdomain.xml file not being called by the SWF
                jgomer2001 Level 1

                That's another problem I have! Flex doesn't seem to be adding any headers to

                the HTTP message, so I resorted to add the allow-http-request-headers-from

                tag to the XML file, however, it didn't work! why? Because as I mentioned in

                the first post, the crossdomain.xml is not being requested at any moment...

                it's ignored!!!! why??????

                I did some research but found not much...

                • 5. Re: Crossdomain.xml file not being called by the SWF

                  I'm having the same freaking problem.


                  I have a flash app on my domainX, that requests stuff from serverY and then I get the wonderful permissions denied can't call method location.toString.


                  I have a working crossdomain.xml file and when I tail -f access.log I don't see any request to this file.


                  I even tried to force it using the loadPolicyFile directive, it doesn't work.


                  Someone please, save us from this!