1 Reply Latest reply on Dec 20, 2009 6:47 PM by asaad970

    Security Sandbox Issues with Flex/AS3 and AppEngine


      I'm having trouble with an AS3 AMF RemoteObject request that is hosted on App Engine. I have a crossdomain.xml file in the root of the domain, and also one at the remoting endpoint.


      Here are the contents of the root crossdomain.xml:


      <?xml version="1.0"?>
      <site-control permitted-cross-domain-policies ="all"/>
      <allow-access-from domain="*.appspot.com"/>
      <allow-access-from domain="*.{appid}.appspot.com"/>
      <allow-access-from domain="*.{appid}.com"/>
      <allow-access-from domain="*.{appid}.org"/>


      I have replaced my application's ID with {appid}. In the endpoint crossdomain.xml, it says the exact same thing, except it omits the <site-control> tag.


      Loading the swf file and testing it on my machine works just fine... I think that may have something to do with me having the debugger version of Flash Player.


      When I push it up to App Engine to make it public, other clients access it and get a Client.Error.MessageSend Channel.Security.Error error Error #2048 url: http://05-alpha.latest.{appid}.appspot.com/_rpc/data.


      I am using Flex 4 beta, and the App Engine Python runtime.


      Thanks in advance for any help.