wrong protocol for crossdomain.xml in flex app

Question

I've changed the protocol for my flex app from https to http and flashplayer still wants to download the crossdomain.xml using https though with the port for http. the app is accessed at http://domain01:8080/flex and it wants to get https:..samedomain..:8080/crossdomain.xml (at https:..samedomain..no_port/flex it works fine).

Anyone any idea why?

Thanks a lot,

Daniel

what's the URL you are using to access the App, is it https? — Gregor Kiddie, Oct 21 '10 at 11:03

score 0 · Answer 1 · answered Jan 04 '11 at 19:36

No direct answer as I haven't tried this scenario of specifying a non-default port but a couple of piece of info that might lead you to an answer:

http://learn.adobe.com/wiki/download/attachments/64389123/CrossDomain_PolicyFile_Specification.pdf?version=1

This might be of interest:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.example.com" to-ports="507,516-523"/>
</cross-domain-policy>

or this:

10,0,12,0 site-control's permitted-cross-domain-policies default for non-socket policy files is "master-only"

Maybe try an older version of Flash Player to see if something in the changes from 9->10 is causing the issue then finding the change in the change logs might be easier or perhaps it's a bug in the new version.

Good luck Shaun

score 0 · Answer 2 · answered Jan 16 '11 at 08:21

0

Flex (Atleast 3.5 AFAIK..) gets some identify crisis when you change port and use Https... The security model depends on the port.. I do not know the exact reason for the problem, but my solution was to load the crossdomain file in your app explicitly..

System.security.loadPolicyFile('https://mydomain:port/crossdomain.xml');

answered Jan 16 '11 at 08:21

uncaught_exceptions

21,712
4
41
48

Ofcourse, please externalize the url in an xml file ;).. Just trying to be politically correct. – uncaught_exceptions Jan 16 '11 at 08:22

score 0 · Answer 3 · answered Apr 05 '11 at 15:34

When you run into crossdomain issues, it's worth remembering that by using the Security class, you can always take explicit control over what crossdomain.xml file is loaded (in fact, the policy file can have any name you want). The default behavior of loading the policy file from the root of a server can often be too restrictive when dealing with more complex, real-world cases (with load-balancing or reverse proxies, for instance).

Try using:

Security.loadPolicyFile(<URI to the policy file goes here>);

The ASDocs are here and explain it quite well.

By taking control of how policies are loaded, you can gain more freedom and take a lot of the guesswork out of what can otherwise be a painful, frustrating experience. The Flash Player allows you to load multiple policy files which is handy if you need to integrate with more than one service layer (e.g. on one host through HTTPS and another through HTTP).

Good luck,

Taylor

wrong protocol for crossdomain.xml in flex app

3 Answers3