Security error accessing url

[RPC Fault faultString="Security error accessing url" faultCode="Channel.Security.Error" faultDetail="Destination: DefaultHTTP"]

Problem
By default, the Flash Player allows your site to retrieve data from your own domain only. However, when developing with Flash tools, you’ll notice that you can point to and pull in data from anywhere. This is because the Flash software grants you special permission for testing purposes. When you put your site on a server, such as “localhost” or “www.anydomain.com”, the Flash Player places a security sandbox around it and displays this error when you reach outside of it.

So, for example, if your Flash site is uploaded to www.flexcapacitor.com and it makes a call to www.google.com/maps.php, then an error is thrown because www.flexcapacitor.com and www.google.com are two different domains. If maps.php were on www.flexcapacitor.com in the same directory as your Flash site, then both resources would be on the same domain and you would be allowed access to the resources there.

<!-- SWF is on http://www.server2.com. Correct - Look at url. -->
<mx:HTTPService url="http://www.server2.com/page.php" />

<!-- SWF is on http://www.server2.com. INCORRECT. Look at url. -->
<mx:HTTPService url="http://www.google.com/page.php" />

Note: The URLs “http://www.flexcapacitor.com” and “http://flexcapacitor.com” are two different domains according to the Flash Player. The same applies to subdomains. You may want to redirect calls from “yourdomain.com” to “www.yourdomain.com” or vice versa. Your domain may have an option like this:

How do you like the www in your URL?
- Both http://www.domain.com/ and http://domain.com/ work.
- Add “www.” if somebody goes to http://domain.com/
- Remove “www.” if somebody goes to http://www.domain.com/

Solutions

• Add a cross-domain policy file on the domain you are calling. Your swf can access resources on other domains if the other domain grants you permission. They do this through a cross-domain policy file. This is a simple XML file on the other domain (yes, they have to set it up) that says what domains can access what content. Some sites already have cross-domain policy files set up. Here is an example. More info here…

• Using a proxy page. You place the proxy page on your site and then you call it. It then gets the remote sites page and passes that back to your page on your server. There are numerous examples online. Here is one…

• Grant the swf permission to access remote sites via the Flash Player Global Security Settings. You can change the security sandbox setting on a file or folder manually. This is useful if you are testing a SWF locally and want to grant it permission to pull data from a remote domain. To do this, open the SWF in the browser. Right-click the SWF and choose Settings. In the Security tab (default) choose Advanced. This will take you to a site that displays the Flash Player’s settings. In the left column choose Global Settings and then add the file or folder of the swf you are testing. Typically this will be something like “c:/projects/flex/bin-debug/”, “users/judah/documents/flex/bin-debug/” or “http://localhost/”. From now on your swf can access data on sites it’s not hosted on, but remember that this solution only grants that specific directory or file on your computer access to remote sites. This change doesn’t affect any computer other than your own. You will still need to employ another solution listed here.

• Set checkPolicyFile to false (for images). More info here, http://livedocs.adobe.com/flex/3/html/help.html?content=05B_Security_03.html and http://livedocs.adobe.com/flex/3/html/05B_Security_03.html#140657.
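
A check of which SWF hosts a cross-domain policy file admits, including the www versus bare-domain mismatch from the note above (an added example, not part of the original post). Both policies and the partner.example host are constructed, and the subdomain-wildcard matching is a simplified assumption about the player's behaviour.

```python
import xml.etree.ElementTree as ET

# Constructed policies for the domain being called (not from the original post).
STRICT_POLICY = """<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="www.flexcapacitor.com"/>
  <allow-access-from domain="*.partner.example"/>
</cross-domain-policy>"""

OPEN_POLICY = """<cross-domain-policy>
  <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>"""

def parse_rules(policy_xml):
    """Return (domain, secure) for every allow-access-from element."""
    root = ET.fromstring(policy_xml)
    return [(el.get("domain", "").lower(),
             el.get("secure", "true").lower() != "false")
            for el in root.iter("allow-access-from")]

def host_matches(pattern, host):
    """'*' admits any host, '*.suffix' admits subdomains (simplified
    assumption about the player's matching), anything else must be equal."""
    host = host.lower()
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return pattern == host

def is_allowed(policy_xml, swf_host):
    """True if a SWF served from swf_host is granted access."""
    return any(host_matches(d, swf_host) for d, _ in parse_rules(policy_xml))

def audit(policy_xml):
    """Findings to question before the policy file is deployed."""
    findings = []
    for domain, secure in parse_rules(policy_xml):
        if domain == "*":
            findings.append("allow-all: a SWF on any site may read this domain")
        if not secure:
            findings.append(f"secure=false for {domain}: HTTP-served SWFs may read HTTPS data")
    return findings

if __name__ == "__main__":
    for host in ("www.flexcapacitor.com", "flexcapacitor.com"):
        print(host, is_allowed(STRICT_POLICY, host))
    print(audit(OPEN_POLICY))
```

The strict policy admits www.flexcapacitor.com but not flexcapacitor.com, so a SWF served from the bare domain still hits the security error until that host is listed or redirected.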

More info can be found here: http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_14213&sliceId=1

Please reply in the comments below if this helped you or not. You can also use the Error Lookup Tool to look up Flex compiler or runtime errors.


24 Responses to Security error accessing url

  1. Tim says:

    Thanks, it has been useful :)

    I did not know that swf could not load services from other domains.

  2. oktay says:

    If you’re getting the same error on localhost, you should probably change the run path from the Run/Run/Other menu option in FB2.

  3. Al says:

    Add a crossdomain.xml file to your html-template and the problem will go away.

  4. Sunny says:

    If that doesn’t work, add the crossdomain.xml to your server root and that should take that error away.

  5. Deepesh says:

    Hi All,

    Indeed I am getting the same error. My application, both Flex 3.0 and Java, is hosted on a webserver which is remote. When I try to access it from my local machine it gives me a security exception. I have added the cross domain file on the hosting server but still it doesn’t work.

    If anyone has any solution please post it.

    • mahesh says:

      You have to add accessible dirs in this file

      .macromedia/Flash_Player/#Security/FlashPlayerTrust/flexbuilder_plugin.cfg

      where your Flex project is currently running, like this:

      /files/home/flex-swf-csmp
      /files/home/csmp-flex-new

  6. Sudhir Chauhan says:

    There is one simple solution for this problem.

    You must add secure=”false” with the URL, else IE makes this true by default. For more detail, just access the crossdomain URL in IE.

  7. Sudhir Chauhan says:

    <allow-access-from domain="*" secure="false" />

  8. Nick says:

    I have a problem with a Flex app displaying a data grid with info from a MySQL database. The Flex app runs as a swf file inside a PHP-based site. The problem occurs only in IE, which does not display the Flex app at all, while Firefox & Opera work correctly.

    I tried the secure=”false” in the crossdomain.xml but it didn’t work.

    I would be obliged if someone could help me with this issue.

    Thank you very much

  9. Andreas says:

    I wrote about this issue some time ago. I solved it using PHP. See the solution here:

    http://appsolutions.blogspot.com/2008/12/flex-security-error-accessing-url.html

  10. Sachin Mali says:

    You need to add the crossdomain.xml file in your server dir, but for JBoss please follow the link below; it is a bit different.
    http://www.mail-archive.com/flexcoders@yahoogroups.com/msg43926.html

  11. Øivind says:

    I’ve got a problem loading a webservice when running my project from a different webserver than localhost.

    In Flex I get this error message:
    Error: Request for resource at http://localhost:37813/serviceName.svc?hostport=webservice.homeserver.com&https=Y&id=638FD1D1-C5E4-5AB4-0C29-5A29EA0C15FD by requestor from http://myDomain/serviceName/bin/my.swf/DYNAMIC/3 is denied due to lack of policy file permissions.

    *** Security Sandbox Violation ***
    Connection to http://localhost:37813/serviceName.svc?hostport=webservice.homeserver.com&https=Y&id=638FD1D1-C5E4-5AB4-0C29-5A292EA0C15FD halted – not permitted from http://myDomain/serviceName/bin/jasminMediaBrowser.swf

    My crossdomain.xml file on the webserver hosting the webservice:

    So what could be the problem here?

  12. Øivind says:

    .. oops forgot to paste my crossdomain.xml :

  13. Øivind says:

    And here it comes ;)
    <site-control permitted-cross-domain-policies="all" />
    <allow-access-from domain="*" to-ports="*" />
    <allow-http-request-headers-from domain="*" headers="*" />

  14. Deepak says:

    In debug mode, only changing the Flash Player security settings solves the problem. Thanks for the post.

  15. Deepak says:

    In debug mode, changing the Flash Player security settings solves the problem. Thanks for the post.

  16. Mafaz says:

    Hello There,
    Thank you it works well…My problem got solved by adding the “www” part to the URL.
    Thanks again

  17. mitek17 says:

    Hi Judah,

    Actually I found another cause of that particular problem.
    Looking at the policyfiles.txt showed that Flash Player can’t download the crossdomain.xml file.
    When I tried to download it manually via the browser, the browser showed that the SSL certificate is invalid. So, as soon as I fixed the certificate, this error was gone.

    More strangely, this problem was appearing ONLY on Windows; all Mac & Linux machines worked fine.

    Hope this could help.

  18. Tavo says:

    @Øivind your crossdomain works for me, thanks. I don’t know what your problem is, but maybe you should check the permissions for files on the server.
    Thanks to the author of this post too.

  19. Surendra Gurjar says:

    thanks really helpful post…

  20. Thanks, this is really helpful

  21. Shrimppop says:

    None of these worked for me until I learned here (http://kosiara87.blogspot.com/2011/03/flexflashbuilder-security-error.html) that I needed to Project -> Export Release Build.

  22. smauz says:

    Hi all,
    I’m trying to access a mail service (mail.company.it:25) from my swf application, on the release server, but I have the following error:
    Error #2044: securityError non gestito:. text=Error #2048: Violazione della sicurezza sandbox: http://myserver/geoportale/viewers/MapViewerAd_v1_5/widgets/ImportData/ImportData.swf can’t load mail.company.it:25.

    How can I solve this issue? I’ve already saved the crossdomain.xml in the server root directory.

    thanks
    Smauz
