Flash Security Error #2048: Is there a workaround or does Twilio have to change their meta-policy?

Question

My Flash/Flex application is having a problem. For a few months it was able to download files from Twilio but now I'm getting the following error:

(I've had to remove hyperlinks, so imagine "ttp" is really "http". :)

SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2048: Security sandbox violation: ttp://localhost/myapp.swf?v=1 cannot load data from ttp://api.twilio.com/."

I enabled policy logging on my flash plugin and get the following messages:

OK: Searching for in policy files to authorize data loading from resource at ttp://api.twilio.com/ by requestor from ttp://localhost/myapp.swf?v=1 Warning: [strict] Policy file requested from ttp://api.twilio.com/crossdomain.xml redirected to ttps://api.twilio.com/crossdomain.xml; will use final URL in determining scope. Warning: Domain api.twilio.com does not specify a meta-policy. Applying default meta-policy 'master-only'. This configuration is deprecated. See ttp://www.adobe.com/go/strict_policy_files to fix this problem. OK: Policy file accepted: ttps://api.twilio.com/crossdomain.xml Error: Request for resource at ttp://api.twilio.com by requestor from ttp://localhost/myapp.swf?v=1 is denied due to lack of policy file permissions.

So it looks to me like the problem is that Twilio doesn't specify a "meta-policy". Is there a way for me to get around this?

Can you email this to help@twilio.com as well so we can get someone looking into it? — John Sheehan, Mar 25 '11 at 17:17
When calling the API are you using `https://api.twilio.com` or `http://api.twilio.com`? HTTPS is required. That might be causing the error. — John Sheehan, Mar 25 '11 at 17:18
I sent these details to Rahim Sonawalla yesterday morning and haven't heard back. I was looking for a workaround in the interim. — desimusxvii, Mar 25 '11 at 17:19

score 2 · Accepted Answer · edited Mar 25 '11 at 22:27

2

localhost and twilio.com are not in the same domain so of course you will get a security error. Twilio needs to add this node into the crossdomain:

<site-control permitted-cross-domain-policies="all"/>

Also, make sure your embedding is up to par:

allowscriptaccess = "always"
allownetworking = "all"

If Twilio won't update the crossdomain.xml then you can install a proxy on the server hosting your flex app and grab the data via your proxy.

edited Mar 25 '11 at 22:27

John Sheehan

77,456
30
160
194

answered Mar 25 '11 at 22:13

The_asMan

6,364
4
23
34

Twilio updated their crossdomain.xml for me but the problem persists. I've taken the proxy route. – desimusxvii Mar 29 '11 at 13:57
odd it looks like they took the crossdomain down completely they might be updating it or trying to figure out what the file does. – The_asMan Mar 29 '11 at 18:25
I have implemented the changes above, but am still getting a #2048, not using twillo. Just working between my site and Rackspace cloudfiles CDN. Adding the allow scripts and networking was not a problem. site-control confused me a bit - I put this is a crossdomain.xml file and put this in the root of my site, is this accurate? – Thomas Jan 31 '13 at 18:31

score 1 · Answer 2 · answered Jan 13 '14 at 19:07

1

As of January 2014, Twilio has added the necessary cross-domain permissions mentioned in this question. If problems persist in this vein, please e-mail our support squad at help@twilio.com

answered Jan 13 '14 at 19:07

Kevin Whinnery

1,209
10
11

score 0 · Answer 3 · answered May 10 '17 at 10:54

0

the response of get crossdomain.xml must contain the HTTP response header "Content-Type:text/xml"

answered May 10 '17 at 10:54

Hujun

1
1

Flash Security Error #2048: Is there a workaround or does Twilio have to change their meta-policy?

3 Answers3

Linked