1

I am hosting a Java service and a Flex application on the same server. The Flex application accesses the Java service. As the Flex application loads I get a security error. How can this happen? I thought I do not need a crossdomain.xml when hosting on the same server.

My Flex app gets the data via an HTTP service that sends calls to 1.2.3.4:9000/service. The Flex application itself lies on 5.6.7.8/test.swf. My crossdomain.xml looks like the following:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="5.6.7.8" to-ports="*"  />
</cross-domain-policy>

It is accessible from 1.2.3.4:9000/crossdomain.xml. Note that everything works when I use domain="*" instead of domain="1.2.3.4".

I hope someone can help me.

Sebastian

Sebastian Müller

3 Answers

4

If your Flex app is on the server with IP 5.6.7.8, you need to allow that IP in the crossdomain for the 1.2.3.4 server. This lets the Flash running from 5.6.7.8 know that 1.2.3.4 allows connections from that specific address.

If you still have the same problem, a quick way to find out what's going on is to use a debug proxy (I like Charles). That way you'll see Flash's request for the crossdomain.xml and what the response looks like. Most likely the request is going somewhere you didn't expect or the server messes it up somehow.

grapefrukt
  • This is correct. By default, a SWF loaded from domain X may only access services hosted at domain X. If the SWF wants to access services from domain Y, then it must have a crossdomain.xml file which grants access to domain X. – cliff.meyers Sep 02 '09 at 15:19
  • I added some more suggestions to my answer. – grapefrukt Sep 02 '09 at 17:26
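
An added example (not part of the answer above and not code from any project): an offline check of which SWF host a crossdomain.xml admits, run over the policy from the question as constructed sample input. The function names and the simplified matching rules are assumptions, not Flash Player's exact algorithm.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the policy from the question, as served by 1.2.3.4:9000.
POLICY = b"""<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="5.6.7.8" to-ports="*" />
</cross-domain-policy>"""


def host_matches(pattern, host):
    """Simplified matching (assumption): literal compare, '*', or '*.suffix'."""
    pattern, host = pattern.strip().lower(), host.strip().lower()
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    # An IP address is compared as a plain string, so a rule for
    # "1.2.3.4" never matches a SWF served from "5.6.7.8".
    return pattern == host


def audit_policy(policy_xml, swf_host):
    """Return (allowed, findings) for a SWF served from swf_host."""
    # ElementTree does not fetch the external DTD named in the DOCTYPE.
    root = ET.fromstring(policy_xml)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain policy file")
    allowed, findings = False, []
    for rule in root.iter("allow-access-from"):
        domain = rule.get("domain", "")
        if not domain:
            findings.append("rule without a domain attribute skipped")
            continue
        if domain.strip() == "*":
            findings.append('domain="*" grants access to every origin')
        if host_matches(domain, swf_host):
            allowed = True
    if not allowed:
        findings.append("no rule matches SWF host %r" % swf_host)
    return allowed, findings


if __name__ == "__main__":
    print(audit_policy(POLICY, "5.6.7.8"))
    narrowed = POLICY.replace(b'domain="5.6.7.8"', b'domain="1.2.3.4"')
    print(audit_policy(narrowed, "5.6.7.8"))
    print(audit_policy(POLICY.replace(b"5.6.7.8", b"*"), "5.6.7.8"))
```

Feeding it the body captured in the debug proxy shows whether the policy the server actually returned names the host the SWF was loaded from.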
1

Are you using Sockets?

In that case you need to serve Policy Files either with your existing Java Server or a standalone one.

http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html

  • I serve the policy file with the server. I am hosting my service under 1.2.3.4:9000/service and the crossdomain file under 1.2.3.4:9000/crossdomain.xml. When I have allow_site_access set to * everything works fine, but when I set the domain to 1.2.3.4 the error occurs. – Sebastian Müller Sep 02 '09 at 10:06
1

Does 1.2.3.4 represent an IP address? If so, I believe you have to use a domain name here, not an IP address; otherwise you could have several domains on the same server and bypass the same-domain checks.

jcoder