I am working on a flex based cart system that will allow the user to input their cc info directly into the flex app then process the payment behind the scenes using payflow pro. I am getting this security error and can't seem to find the solution. Any help would be appreciated.
My code -
req = new URLRequest("https://pilot-payflowpro.paypal.com");
req.method = URLRequestMethod.POST;
req.contentType = "text/namevalue";
var header:URLRequestHeader = new URLRequestHeader("X-VPS-REQUEST-ID", theID);
var header2:URLRequestHeader = new URLRequestHeader("X-VPS-CLIENT-TIMEOUT", "40");
vars = new URLVariables();
vars.TRXTYPE = "S";
vars.ACCT = CreditCard.text;
vars.EXPDATE = ExpMonth.selectedItem.data + ExpYear.selectedItem.data;
vars.TENDER = "C";
vars.VENDOR = "MyVendorName";
vars.USER = "MyUser";
vars.PWD = "MyPassword";
vars.PARTNER = "PayPal";
req.data = vars;
req.data += theOrderTotal;
var loader:URLLoader = new URLLoader();
loader.dataFormat = URLLoaderDataFormat.VARIABLES;
It could possible be something that would be solved with crossdomain.xml which you may want to google.
I have solved this issue in the past with the file containing:
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<allow-access-from domain="*" />
and putting it at the root of my app.
Thanks for the reply, I did have the crossdomain.xml file on the server where the app is running with select sites allowed access. I updated it to just include the asterisk wildcard symbol. Wouldn't that be more applicable on Paypal's server since I'm getting rejected from sending the headers there or from loading data when I make a call to their site?