[RPC Fault faultString="Security error accessing url" faultCode="Channel.Security.Error" faultDetail="Destination: DefaultHTTP"]
Problem:
By default the Flash Player allows your site to retrieve data from your domain only. However, when developing with Flash tools, you'll notice that you can point to and pull in data from anywhere. This is because the Flash software grants you special permission for testing purposes. When you put your site on a server "localhost" or "www.anydomain.com", the Flash Player places a security sandbox around it and displays this error when you reach outside of it.
So for example if your Flash site is uploaded to www.flexcapacitor.com and it makes a call to www.google.com/maps.php then an error is thrown because www.flexcapacitor.com and www.google.com are two different domains. If maps.php was on www.flexcapacitor.com in the same directory as your Flash site then because both resources are on the same domain, you are allowed access to the resources there.
-
<!-- SWF is on http://www.server2.com. Correct - Look at url. -->
-
<mx:HTTPService url="http://www.server2.com/page.php" />
-
-
<!-- SWF is on http://www.server2.com. INCORRECT. Look at url. -->
-
<mx:HTTPService url="http://www.google.com/page.php" />
Note: The following URL's, "http://www.flexcapacitor.com" and "http://flexcapacitor.com" are two different domains according to the Flash Player. This includes subdomains. You may want to redirect calls from, "yourdomain.com" to "www.yourdomain.com" or vice versa. Your domain may have an option like this:
How do you like the www in your URL?
- Both http://www.domain.com/ and http://domain.com/ work.
- Add "www." if somebody goes to http://domain.com/
- Remove "www." if somebody goes to http://www.domain.com/
Solutions:
- Add a cross domain policy file on the domain you are calling. Your swf can access resources on other domains if the other domain grants your permission. They do this through a cross-domain file. This is a simple xml file on the other domain (yes, they have to set it up) that says what domains can access what content. Some sites already have cross-domain policy files setup. Here is an example. More info here...
- Using a proxy page. You place the proxy page on your site and then you call it. It then gets the remote sites page and passes that back to your page on your server. There are numerous examples online. Here is one...
- Grant the swf permission to access remote sites via the Flash Player Global Security Settings. You can change the security sandbox setting on a file or folder manually. This is useful if you are testing a SWF locally and want to grant it permission to pull data from a remote domain. To do this, open the SWF in the browser. Right click on the SWF and choose settings. In the Security tab (default) choose Advanced. This will take you to a site that displays the Flash Player's settings. On the left column choose Global Settings and then add the file or folder of the swf you are testing. Typically this will be something like, "c:/projects/flex/bin-debug/", "users/judah/documents/flex/bin-debug/" or "http://localhost/". From now on your swf can access data on sites it's not hosted on but remember this solution only grants that specific directory or file on your computer access to remote sites. This change doesn't affect anyone other computer than your own. You will still need to employ another solution listed here.
More info can be found here: http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_14213&sliceId=1
Please reply in the comments below if this helped you or not. You can also use the Error Lookup Tool to look up Flex compiler or runtime errors.
Thanks, it has been useful :)
i did not now that swf could not load services from other domains.
if you're getting the same error on localhost, you should probably change run path from Run/Run/Other menu option in FB2.
Add crossdomain.xml file to your html-template and the problem will go way.
If that doesn't work add the crossdomain.xml to your server root and that should take that error away.
Hi All,
Indeed i am getting the same error. My application both flex3.0 and Java are hosted on a webserver which is remote. When i try to access from my local machine it gives me a security exception. I have added the cross domain file on the hosting server but still it doesn't work.
If any one has any solution please post it.
There is a one simple solution for this problem.
you must add secure="false" with the URL else IE make this true by default for more detail just access the crossdomain URL on IE.
allow-access-from domain="*" secure="false"
I Have a problem with a Flex app displaying a data grid with info from mysql database. The Flex app runs as a swf file inside a PHP based site . The problem occurs only in IE which does not display the Flex App at all while FireFox & OPera work correctly.
I tried the secure="false" in the crossdomail.xml but it didn't work.
I would be obliged if someone could help me with this issue.
Thank you very much
I wrote about this issue some time ago. I sovled it using php. See the solution here:
http://appsolutions.blogspot.com/2008/12/flex-security-error-accessing-url.html
You need to add the crossdomain.xml file in your Server dir but for JBoss please follow below link, it bit different.
http://www.mail-archive.com/flexcoders@yahoogroups.com/msg43926.html
I've got a problem loading a webservice when running my project from a different webserver than localhost.
In Flex i get this error message:
Error: Request for resource at http://localhost:37813/serviceName.svc?hostport=webservice.homeserver.com&https=Y&id=638FD1D1-C5E4-5AB4-0C29-5A29EA0C15FD by requestor from http://myDomain/serviceName/bin/my.swf/DYNAMIC/3 is denied due to lack of policy file permissions.
*** Security Sandbox Violation ***
Connection to http://localhost:37813/serviceName.svc?hostport=webservice.homeserver.com&https=Y&id=638FD1D1-C5E4-5AB4-0C29-5A292EA0C15FD halted - not permitted from http://myDomain/serviceName/bin/jasminMediaBrowser.swf
My crossdomain.xml file on the webserver hosting the webservice:
So what could be the problem here?
.. oops forgot to paste my crossdomain.xml :
And here it comes ;)
site-control permitted-cross-domain-policies="all"
allow-access-from domain="*" to-ports="*"
allow-http-request-headers-from domain="*" headers="*"
In debug mode, only the changing the flash player security settings solves the problem.Thanks for the post.
In debug mode, changing the flash player security settings solves the problem.Thanks for the post.
Hello There,
Thank you it works well...My problem got solved by adding the "www" part to the URL.
Thanks again
Hi Judah,
Actually I found another cause of that particular problem.
Looking at the policyfiles.txt showed that Flash Player can't download the crossdomain.xml file.
When I tried to download it manually via the browser, the browser showed that SSL certificate is invalid. So, as soon as I fixed the cerificate, this error has gone.
More strangely, that this problem was appearing ONLY on Windows, all Mac & Linux machine worked fine.
Hope this could help.