Cross domain policy issues

Similar Messages

• Cross domain policy file and BitmapData

  Hey guys and gals, I'm having an issue with a Security error
  when trying to access photos from an external site. I have a client
  who is at siteA.com, who wants to load in photos from siteB.com,
  siteC.com, and probably 100 other sites. He has permission to do so
  from the other sites, but doesn't want to go through all the
  trouble of asking each site to post a cross-domain policy file.
  Please correct me if I'm wrong, but the way I understand it is, if
  you want to simply load an image into a Loader object within a swf,
  you're ok, but if you want to access the BitmapData, you will then
  get a security error? My snippet of code that I believe is causing
  the security error is
  public function imageLoaded(e:Event):void {
  var image:Bitmap = Bitmap(e.target.loader.content);
  image.smoothing = true;
  imageContainer.addChild(e.target.loader);
  As you can tell, the reason why I want to access the Bitmap
  itself is to apply smoothing. That is my main concern, I want to be
  able to apply smooth transitions to these pictures that are loaded
  in from external sites. My main goal is to load images externally,
  then apply smooth transitions, so if you know of a way to get
  around the security violations, that would be great. The only
  work-around we have for this is to write a script that will load
  all the images from the external sites onto the local server, as
  this will be less work than getting the cross-domain policy file on
  each server (if that's what it takes). Thanks in advance for
  anybody who can shed some light on the subject.

  If I understand you correctly, a 'helper' swf would be on the
  site where the images are held, much like a cross-domain policy
  file? I don't understand how that would be much different than
  getting the external sites to add a cross-domain policy file on
  their server. It sounds easier to just throw the cross-domain
  policy file on the external site's server with '*' for the path of
  allowed directories to load images from. I'm pretty new to the
  cross-domain security issue, so I'm not sure. I don't understand
  why it's a security risk to access the pixels of an image either...
  anybody know about that? Just trying to figure out where to go from
  here on this project. Thanks for the reply GWD, still looking for
  some more feedback.

• Error 2170 in Cross Domain Policy deployed in Enterprise Portal

  Hi All,
  We are facing an Error # 2170 for the Cross Domain Policy in Enterprise Portal.
  We developed the dashboard using 2 web service connections (using ECC Remote Enabled Functon Module). The Web services were made Public so that they can be accessed from any network. We developed the dashboard using the public enabled webservices and exported to the SWF file which is working fine.
  But when we place the dashboard SWF file in the Enterprise portal it gives the error " Cross Domain Policy Error #2170" .
  We Placed the Cross domain Policy file in ECC Server in the root directory and placed the same in Enterprise portal C drive.
  But still it shows the same error when we preview the dashboard in Enterprise Portal.
  The Cross Domain Policy File that we are using is as follows:
  -<cross-domain-policy> <site-control permitted-cross-domain-policies="all"/>
              <allow-access-from secure="false" to-ports="" domain=""/>
             <allow-http-request-headers-from secure="false" domain="" headers=""/>
             <allow-https-request-headers-from secure="false" domain="" headers=""/>
  </cross-domain-policy>
  Please let us know if the cross doamin file is correctly coded and suggest us with suitable solutions for this problem. Also let us know if there is some alternative solution to this issue.
  Thanks,
  Malla Reddy D

  Hello Malla,
  Maybe SAP Note 1240810 helps... Anyway, I would say that if your issue is with the direct SAP NW BI connection, through BICS, the only file which is relevant is bicsremotecrossdomain.xml, which should be located on your server HTTP root.
  Another check you can perform is if you have both portal certificate entries as per SAP Note 1508663.
  Kind Regards,
  Marcio

• Load XML file from addon domain without cross-domain Policy file

  Hello.
  Assuming that there are two addon domains on the same server: /public_html/domain1.com       and      /public_html/domain2.com
  I try to load XML file from domain2.com into domain1.com without using cross-domain policy file (since it doesn’t work on xml files in my case).
  So the idea is to use php file in order to load XML and read it back to flash.
  I’ve found an interesting scripts that seems to do the job but unfortunately I can't get it to work. In my opinion there is somewhere problem with AS3 part. Please take a look.
  Here are the AS3/PHP scripts:
  AS3 (.swf in www.domain1.com):
  // location of the xml that you would like to load, full http address
  var xmlLoc:String = "http://www.domain2.com/MyFile.xml";
  // location of the php xml grabber file, in relation to the .swf
  var phpLoc:String = "loadXML.php";
  var xml:XML;
  var loader:URLLoader = new URLLoader();
  var request:URLRequest = new URLRequest(phpLoc+"?location="+escape(xmlLoc) );
  loader.addEventListener(Event.COMPLETE, onXMLLoaded);
  loader.addEventListener(IOErrorEvent.IO_ERROR, onIOErrorHandler);
  loader.load(request);
  function onIOErrorHandler(e:IOErrorEvent):void {
      trace("There was an error with the xml file "+e);
  function onXMLLoaded(e:Event):void {
      trace("the rss feed has been loaded");
      xml = new XML(loader.data);
      // set to string, since it is passed back from php as an object
      xml = XML(xml.toString());
      xml_txt.text = xml;
  PHP (loadXML.php in www.domain1.com):
  <?php
  header("Content-type: text/xml");
  $location = "";
  if(isset($_GET["location"])) {
      $location = $_GET["location"];
      $location = urldecode($location);
  $xml_string = getData($location);
  // pass the url encoded vars back to Flash
  echo $xml_string;
  //cURLs a URL and returns it
  function getData($query) {
      // create curl resource
      $ch = curl_init();
      // cURL url
      curl_setopt($ch, CURLOPT_URL, $query);
      //Set some necessary params for using CURL
      curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
     //Execute the curl function, and decode the returned JSON data
      $result = curl_exec($ch);
      return $result;
      // close curl resource to free up system resources
      curl_close($ch);
  ?>

  I think you might be right about permissions/settings on the server for php. Unfortunately I'm not allowed to adjust them.
  So I wrote my own script - this time I used file path instead of http address of the XML file.  It works fine in my case.
  Here it is:
  XML file on domain2.com:
  <?xml version="1.0" encoding="UTF-8"?>
  <gallery>
      <image imagePath="galleries/gallery_1/images/1.jpg" thumbPath="galleries/gallery_1/thumbs/1.jpg" file_name= "1"> </image>
      <image imagePath="galleries/gallery_1/images/2.jpg" thumbPath="galleries/gallery_1/thumbs/2.jpg" file_name= "2"> </image>
      <image imagePath="galleries/gallery_1/images/3.jpg" thumbPath="galleries/gallery_1/thumbs/3.jpg" file_name= "3"> </image>
  </gallery>
  swf  on domain1.com:
  var imagesXML:XML;
  var variables:URLVariables = new URLVariables();
  var varURL:URLRequest = new URLRequest("MyPHPfile.php");
  varURL.method = URLRequestMethod.POST;
  varURL.data = variables;
  var MyLoader:URLLoader = new URLLoader;
  MyLoader.dataFormat =URLLoaderDataFormat.VARIABLES;
  MyLoader.addEventListener(Event.COMPLETE, XMLDone);
  MyLoader.load(varURL);
  function XMLDone(event:Event):void {
      var imported_XML:Object = event.target.data.imported_XML;
      imagesXML = new XML(imported_XML);
     MyTextfield_1.text = imagesXML;
     MyTextfield_2.text = imagesXML.image[0].attribute("thumbPath");  // sample reference to attribute "thumbPath" of the first element
  php file on domain1.com:
  <?php
  $xml_file = simplexml_load_file('../../domain2.com/galleries/gallery_1/MyXMLfile.xml');  // directory to XML file on the same server
  $imported_XML = $xml_file->asXML();
  print "imported_XML=" . $imported_XML;
  ?>
  Regards
  PS: for those who read the above discussion: the first and the second script work but you must test which one is better in your situation. The first script will also work between two domains on different servers. No cross domain policy file needed.

• I am developing a flex web application which needs to access Other domain ,is there any other way other than cross domain policy available ? please help

  i am developing a flex web application which needs to access Other domain (Payment Gateway API),is there any other way other than cross domain policy available ? please help.
  we donot have access other domain thats why we want other solution..

  All the paths to CFCs are the same in my live production site.  Can you be more specific as to what you mean by "RemoteClass aliases in your AS Classes and CFCs (if any) are correct."?  How will the app know that the CFC is on http://myLiveSite.com instead of http://myDevSite.com?  The only line of code that I have noticed that points to a URL is the endpoint in a file called _Super_XXX.as.  And at the top of that file it says that the file is not meant for editting.
  To clarify...I see your app/code all exists on a server access via a web browser so I can understand that everything still works when deployed.  Mine is a mobile app so when I am developing and testing on my local computer the URL points to my local development machine.  However when I deploy it to a mobile device like a tablet and run the app, it needs to be able to access a cfc on a remote server via a different URL ie. my http://myLiveSite.com/myCFC.cfc instead of http://localhost/myCFC.cfc
  Thanks for your help!  I will now take a look at your thread.
  Message was edited by: ace0215

• Cross Domain Connection Issues with Test Controller

  I am having trouble resolving a problem I have connecting a build agent with the test controller in a cross domain environment.  I have purged out the actual machine names, domain names, and IP addresses just in case that is a security concern. 
  Situation is this:
  All machines are running Visual Studio 2013
  Test controller/agents are on Windows Server 2012 R2
  Test controller is installed as stand-alone in order to be able to do load testing, as well as API and CodedUI.
  Build definition in TFS kicks off the automation using testsettings file to point to build controller
  Application under test uses resources in the ABC.XYZ domain.  Test agents need to be in ABC.XYZ in order to test application E2E.
  TFS is in Main.corp.company.com domain.
  Test controller is a dual-homed box in corp.company.com and ABC.XYZ domains.  It are accessible from Main using the corp.company.com NIC.
  All our dual homed boxes are set up this way.  Dual homed with Main and ABC directly is considered a security violation.
  From the dual homed box, logged in with my ABC credentials, I can access TFS in Main using my Main credentials.
  Manually, I can successfully kick off a test run from a command line from a VM in ABC.
  Build controller and build agents are in Main.corp.company.com.
  Build controller can successfully connect to build agent, and build agent successfully builds the automation.
  Build agent fails to connect to build controller:
  Failed to queue test run 'buildagent@MachineOne 2014-08-12 12:35:34_Any CPU_Debug': No such host is known
  I can ping the build controller from the test agent, and I can successfully query port 6901:
  Querying target system called:
  testcontroller.corp.company.com
  Attempting to resolve name to IP address...
  Name resolved to 10.10.10.111
  TCP port 6901 (unknown service): LISTENING
  Firewall is turned off on the test controller.  Even if it wasn’t, the relevant rules allowing port 6901 and File and Printer Sharing are created.
  Local Security Policy | Security Options | Network access: Sharing & security model = classic
  NETBIOS names of the test agents and build agent are set in the test controller’s hosts file (they were pingable without this anyway)
  NETBIOS name of the test controller is set in the test agent’s hosts file (it was pingable without this anyway)
  Tried both simple NETBIOS name and FSDN for test controller in testsettings file
  Considering installing a build agent on the same machine as the test controller, but suspect that would just move my communication problem to build controller : build agent
  Considering moving test controller to Main and making the four test agents dual-homed, but there is a concern to limit the number of dual-homed boxes, and also suspect that would again just move the communication problem.
  I can use netstat to verify that the service is listening to port 6901 on both NICs:
  TCP    0.0.0.0:6901           0.0.0.0:0              LISTENING       6536
  TCP    [::]:6901              [::]:0                 LISTENING      
  6536
  (PID 6536 is the QTController.exe)
  However the VSTTController.log only mentions listening to the ABC NIC.  Since the connection to the ABC test agents works, that makes sense.
  When I open the testsettings file on my laptop in the Main domain and examine the server name, there is a warning that the host cannot be found.  When I open it on a VM in the ABC domain I am able to manage the test controller and view all the test
  agents.  However, if I try to restart the build controller I get an access denied error.  Not sure if that is related in some way.
  I am using a ABC domain service account to run the test agent sevice.  There is a Main domain service account running the build.  Both service accounts are administrators on the test controller and in the TeatTestControllerAdmins and TeatTestControllerUsers
  groups.  The test agent service account is also in the TeamTestAgentService group.
  I tried to create a port proxy to forward requests from the Main facing NIC to the port on the ABC facing NIC:
  netsh interface portproxy add v4tov4 listenport=6901 listenaddress=10.10.10.111 connectport=6901 connectaddress=10.20.20.222
  This almost worked.  I could see with netstat commands that the port was opened and a connection was established with the build agent,  however after a long wait it hit an error that it couldn’t find the ABC NIC:
  A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 10.20.20.222:6901
  So apparently the ABC IP is getting forwarded back to the test agent, which then of course can’t use it.
  I am running out of ideas to try.  Not sure where the problem is:
  Cross-domain issue between Main.corp.company.com and corp.company.com?  Or,
  Problem with the test controller not being able to listen on more than one NIC?
  I know I am not the first person to try to set up something cross domain.  Most of the troubleshooting suggestions I have been able to bing have been about fixing connections between test controller and test agents, which isn’t the problem here. 
  Is this set up just so far from standard that VS can’t handle it?
  Thanks in advance,
  Gary

  Hi Gary,
  Thank you for posting in the MSDN forum.
  >> Build agent fails to connect to build controller: Failed to queue test run 'buildagent@MachineOne 2014-08-12 12:35:34_Any CPU_Debug': No such host is known
  >> I know I am not the first person to try to set up something cross domain.  Most of the troubleshooting suggestions I have been able to bing have been about fixing connections between test controller and test
  agents, which isn’t the problem here. 
  Just to make this issue clearly, you mean that it is not the Test Controller and Test Agent issue, am I right?
  As you said that it is related to the Build controller and build Agent, am I right?
  If it is related to the Build Controller and Build Agent, I suggest you post this issue to the TFS forum, there you would get dedicated support.
  http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?category=vstfs&filter=alltypes&sort=lastpostdesc
  If there's any concern, please feel free to let me know.
  Sincerely,
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. <br/> Click <a
  href="http://support.microsoft.com/common/survey.aspx?showpage=1&scid=sw%3Ben%3B3559&theme=tech"> HERE</a> to participate the survey.

• Spry JSONDataset and IE8 cross domain policy

  Hi,
  I'm using Spry JSON Dataset to retreive feeds of JSON data from Google Picasa and then show the results on our photo page. Works fine in Firefox but not in IE8. Is this a cross domain issue or is something else happening to stop the page rendering the spry regions in IE8? I know IE8 can be quite fussy at times.
  Debug tools in IE8 not the best (give me firebug any time)
  Page is here www.thehmc.co.uk/photonew.html
  Phil

  Hi,
  Now I've had time to play and got my head around what JSON-P really means - I've come up with a lightweight solution. Arnout thanks for your input as that sent me off on the right track.
  I noticed that Google can provide the JSON string wrapped in a callback function - see format below
  http://picasaweb.google.com/data/feed/api/user/thehmc.co.uk?kind=tag&alt=json-in-script&ca llback=testit&hl=en_GB
  Firstly I define my Spry JSONDataset as before but don't give it an url to load the data from
  var dsTags = new Spry.Data.JSONDataSet(null,{path:"feed.entry",  subPaths:["title","gphoto$weight"],sortOrderOnLoad: "ascending", sortOnLoad: "title.$t"} );
  So introducing the function below, which dynamically adds a script to the document body pointing top the url you pass it
  function makeRequest(sUrl) {
          var oScript = document.createElement("script");
          oScript.src = sUrl;
          oScript.async = true
          var done = false;
          oScript.onload = oScript.onreadystatechange = function()
              if ( !done && (!this.readyState || this.readyState === "loaded" || this.readyState === "complete") )
                done = true;
                 oScript.onload = oScript.onreadystatechange = null;
                 if ( oScript && oScript.parentNode )
                  oScript.parentNode.removeChild( oScript );
          document.body.appendChild(oScript);
  and then calling it, passing the url to the Google feed
  makeRequest("http://picasaweb.google.com/data/feed/api/user/thehmc.co.uk?kind=tag&alt=json-in-script&ca llback=testit&hl=en_GB");
  Function testit(root)
      dsTags.setDataFromDoc(root);
  Since the JSON string is already converted to a JSON object when it arrives at the callback function I had to change the JSONDataset function as below to not to try and parse if already an object
  Spry.Data.JSONDataSet.prototype.loadDataIntoDataSet = function(rawDataDoc)
      if (this.preparseFunc)
          rawDataDoc = this.preparseFunc(this, rawDataDoc);
      var jsonObj;
      if (typeof rawDataDoc == "object")
          jsonObj = rawDataDoc;
     else
          try    { jsonObj = this.useParser ? this.parseJSON(rawDataDoc) : eval("(" + rawDataDoc + ")"); }
          catch(e)
              Spry.Debug.reportError("Caught exception in JSONDataSet.loadDataIntoDataSet: " + e);
              jsonObj = {};
  This works a treat in IE8 and Firefox.
  I can see that your YQL version will be more flexible in terms of the number of feeds it'll be able to provide in JSON format but for now I just need this for Google Picasa.  Ideally I'd like a YQL version that retrieves the JSON string and then passes it to a user defined callback function to do with what it wants.
  I need to change my other JSON datasets but otherwise the page will be good to go soon enough.
  Cheers for your inputs
  Phil

• Cross-Domain Policy File

  I just made an IRC client for Android + iOS, and now I'm having issues porting it to the browser.  I've built flash games where the server hosts the Policy Domain File, obviously with an IRC client that's not going to happen in all instances.
  I'm wondering why the browser version can run perfectly fine under CS6's debug mode, but when it's been deployed to the browser it can't seem to connect?  What settings would I have to do [if at all possible] to replicate this debug mode [in CS6] inside the browser?
  Thanks!

  In the browser, are you running it via Flash Player or are you making an AIR for web app?
  The browser is the strictest sandbox Flash can run in. The infamous #2048 is a generic security violation. You're doing something your current sandbox doesn't allow. The most obvious thing to verify is on the SWF output settings make sure your sandbox is set to access network files, not access local files. Otherwise you'll get that error.
  Outside that it's going to be looking for a socket policy file. I won't even get into creating these because your endpoint is an IRC server. Unless you're running your own IRC server you're not going to get some IRC server host to install a socket policy file for you so that point is moot. Without the socket policy file you're in some tough territory that will require some advanced debugging.
  My suggestion would be to get Fiddler so you can actually see the request and response packets being sent to and from Flash inside your browser. You will definitely see Flash make a request and the response will give you clues on what's happening just before you receive the #2048 security error. You may see it request the policy file and then the server returns nothing or an invalid response and then Flash gives you the error. If that happens you may be out of luck.
  Here's fiddler (I'd update your .NET to the latest and use V4 instead of V2):
  http://www.fiddler2.com/fiddler2/version.asp
  Here's another Adobe post of someone having a #2048 error while using fiddler to diagnose it:
  http://forums.adobe.com/message/4668901#4668901
  The fiddler site has some documentation. It's a pretty great tool for analyzing packet traffic (using the "select process" target will limit the packets to a browser you select (or any other app)). You may need to enable decrypting HTTPS traffic if you're using a SecureSocket. There's all instructions there on helping you diagnose and watch the inner workings of all requests/responses to track down the issue quickly.
  Lastly I would uninstall Fiddler after you're done with it and reinstall it later when you need it. Especially if you enable HTTPS decryption. It must install some fake certificates to allow itself to intercept traffic. You'll just clutter up your certificates with junk certs if you keep fiddler installed. It's a very quick install/uninstall and the software itself is very widely used and regarded. It's not a trust thing, it's a cleanliness thing.

• Xml Socket  policy to connect to a range of IPS cross domain scripting

  Dear,
  I have a problem with connecting to other servers rather the
  one who has served the swf file.
  i was facing the problem even on the same machine , so i have
  provided the policy file , to be served before opening the
  connection, and it works, but still in IE6 i was just skiping the
  requset-policy-file that is sent by the movie and it works, rather
  the other browsers didn't like this way. At that time i have
  written the code to check for the header , and send back the policy
  file.
  the policy file that i am using is the following:
  PolicyFile = @"<?xml
  version=""1.0""?><cross-domain-policy><allow-access-from
  domain=""192.168.1.100"" to-ports=""843""
  /><allow-access-from domain=""192.168.1.101""
  to-ports=""843"" /></cross-domain-policy>";
  My hope is to be able to connect to 192.168.1.101:843 , and
  my server web is the other ip .
  Best regerds

  Hi, go to
  Flash Resources , you can
  find a java application that can serve policy files to resolve this
  problem.

• Cross Domain XML not working

  Greetings,
  I recently obtained two different domains that point to a subdirectory of another domain server. The swf file I created does not show up when I use the domains that are pointing to the subdirectory of the original domain.
  I placed an xml file into the root directory that contains the following code:
  <?xml version="1.0"?>
  <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
  <cross-domain-policy>
      <allow-access-from domain="*.newdomainname1.com"/>
      <allow-access-from domain="*.newdomainame2.com"/>
  </cross-domain-policy>
  Nothing shows up. Is there something else I need to do make this work? I created the swf file using CS3 - Action Script 2. I tried searching everywhere to see if I'm missing a step, but cannot find anything. Any help would be greatly appreciated.

  I'm still not entirely clear what the problem is.
  Those links to the other domain show 404 errors, which is related to how things are set up on your hosting server for those domains, and nothing to do with flash.
  Are you trying to get the swf at http://www.searecovery.com/ to load data from the other domains? (I can't see it trying to do that, so perhaps not)
  If so you need to add *.searecovery.com to the crossdomain files at the other domains.
  Crossdomain files give flash content (swfs) hosted at one domain access to load data (or grant access to the data of loaded assets) from another domain.
  So you need crossdomain permission if you want a swf hosted at www.danfoss-searecovery.com to load xml data from www.danfosssearecovery.com for example, or to get at the bitmapdata of jpgs loaded from www.danfosssearecovery.com.
  If you just want to host the swf at the other domain, and if it's not loading data from external domains, then you pretty much just need to move copies of the html and swf there along with any external assets it loads (so long as you have used relative urls for loaded assets from within the swf) . If that's what you're trying to do then the issue here is likely to be simply how your hosting environment is set up for the other domains.

• Domain access issue with limited user access

  Hi all,
  I have to deploy a flex site (without the flex data services,
  unless essential) that acesses xml data from servlets that arent
  neccessarily under the same domain, and some will be physically
  located on different servers.
  I am using the cross-domain policy file, and this works fine
  provided the server is logged in with Administrative privlidges.
  However if it is logged in under a domain (with some limited
  access) I can no longer access the required data. This data is
  still available if I access it direct by typing the location into
  the browser address bar. So there is definately something stopping
  me from accessing the data within flex.
  If anyone has encountered similar problems and come up with
  solutions (which does not involve forwarding data using additional
  servlets) then your tips and advice would be much appreciated.
  Thanks!

  It was issue due to some configurations in 'External Facing Extension Service' inside configuraton-content management-global service.

• Cross domain scripting: error #2048

  Hi,
  This is my first entry in this forum but I already found a lot of answers by browsing it. However, altough many references seem to solve the problem I'm hurting on, it doesn't seem to work for me...
  Now, here's the case:
  I made a flash web site that will be hosted on an external web server (let's call it server «www.external.com»).
  My flash needs to get some info from my internal server (let's call it «www.internal.com»).
  On «www.internal.com», I don't have access to the root, only to the folder «myfolder» so my website reads like this: «www.internal.com/myfolder».
  Being aware of some sandbox security issues, I made a crossdomain.xml file and uploaded it to «www.internal.com/myfolder/crossdomain.xml» to provide acces to «www.internal.com/myfolder» from «www.external.com» wich is the following:
  <?xml version="1.0"?>
  <cross-domain-policy>
       <allow-access-from domain="www.external.com" />
       <allow-http-request-headers-from domain="www.external.com" headers="*"/>
  </cross-domain-policy>
  In my flash, there is the code i use to retrieve my info:
  Security.loadPolicyFile("http://www.internal.com/myfolder/crossdomain.xml");
  var myData:URLRequest = new URLRequest("http://www.internal.com/myfolder/myapp/datarequest.cfm");
  var loader:URLLoader = new URLLoader();
  loader.load(myData);
  That's where I get the raging error #2048 in an error #2044 telling me this (excuse the french, my player and I use this language):
  Error #2044: securityError non pris en charge : text=Error #2048: Violation de la sécurité Sandbox : http://www.external.com/flashapp.swf ne peut pas charger de données à partir de http://www.internal.com/myfolder/myapp/datarequest.cfm.
  According to what I saw and read, loading a policy file should allow me to access info. Once I read that the crossdomain.xml file absolutely had to be on the root of the web server, unfortunately, I don't have access to the root.
  There surely is something wrong with what I am doing, anyone has a thought?
  Thanks in advance and sorry for the long message...

  just a guess here - it looks mainly as though you are on the right track, and you are correct if you so not have access to the root, then you must target the crossdomain.xml location as you have specified.
  the one thing i don't see that you have listed here is a call to:
  Security.allowDomain("www.external.com");
  which *might* be the issue

• Problem with socket cross domain

  Hi guys,
  This is my cross domain file:
  <?xml version="1.0"?>
  <!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
  <!-- Policy file for xmlsocket://socks.example.com -->
  <cross-domain-policy>
     <site-control permitted-cross-domain-policies="*"/>
     <allow-access-from domain="localhost" to-ports="80" />
  </cross-domain-policy>
  I am placing it in my server.
  From flex i am running this:
  Security.loadPolicyFile("my server address");
  And yet I am getting this event:
  SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2048"
  What can I do?

  Hello ILikeMyScreenNameNdCoffee,
  I had the same problem with XMLSocket and I used a policy server that runs
  on the remote server on port 843 and from Flex I load file before connecting
  the xmlsocket Security.loadPolicyFile("my server address:843"). If you want
  I can upload a version of my policy server or you can use the server policy
  from here
  http://www.broculos.net/tutorials/how_to_make_a_multi_client_flash_java_server/20080320/en
  Also you can read here more about file policy:
  http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_04.html.
  On Thu, Aug 19, 2010 at 5:40 PM, ILikeMyScreenNameNdCoffee <[email protected]

• Cross domain error while displaying .SWF files in  portal

  Hi Experts,
  i am working on EP ,
  i am trying to display a .swf file in a iview but that file is  giving an error as
  Add a cross domain policy file to the external data web server
  this swf file is retriving data from BI system.
  Please suggest !!
  i got a solution of putting a crossdoaim.xml file in root directory but thats not possible

  I think two urls will work for you:
  Xcelsius SWF with QaaWS through SSL: Cannot access external data
  http://livedocs.adobe.com/flex/3/html/help.html?content=security2_04.html

• Cross Domain error for Silverlight + MVC application with self hosted WCF service on azure

  Hi,
  We are migrating existing Silverlight application to MVC; existing Silverlight application is hosted on
  Azure which is consuming self-hosted WCF service. For authentication we have implemented
  ADFS with WIF (passive). The cloud service (<myWebSite>.cloudapp.net) is C Name to (<myWebSite>.<myDomain>.com) and we 
  are consuming  WCF service at <myWebSite>.cloudapp.net/<myService>.svc, as we were getting “Cross Domain” error so we have added “clientaccesspolicy.xml” at the root of “WEB ROLE”.
  Existing Silverlight application works fine but the problem occurred when we deploy our migrated application to the same cloud service. We are getting a “Cross Domain” error.
  The same migrated application works fine on UAT environment, the only difference is UAT environment is
  without ADFS WIF implementation.
  Migrated application is half Silverlight and half MVC with initial landing page is Silverlight. MVC web role is used to host the service i.e. .SVC . To go to SL landing page , redirected from home controller. Following is being observed in fiddler for this
  application
  Existing Silverlight application -
  After authentication with ADFS it redirect to Silverlight landing page.
  Before calling service method it looks for “clientaccesspolicy.xml”
  In response header we are getting the content of “clientaccesspolicy.xml”
  And after this everything works fine
  Migrated Silverlight-MVC application –
  After authentication with ADFS it redirects to “HomeController” and from there we are redirecting to Silverlight landing page.
  Before calling service method it looks for “clientaccesspolicy.xml”
  In response header we are getting  following content - “https://federation-sts.<myDomain>.com/adfs/ls/?wa=wsignin1.0&amp;
  wtrealm=https%3a%2f%2f<myWebSite>.<myDomain>.com&amp;
  wctx=rm%3d0%26id%3dpassive%26ru%3d%252fclientaccesspolicy.xml&amp;wct=2014-03-17T10%3a36%3a04Z”
  4.Throw “Cross Domain” error.
  Also we have added filter in
  RouteConfig
  for .xml file
  routes.IgnoreRoute("{*allxml}",
  new { allxml = @".*\.xml(/.*)?" });
  NOTE: There is no configuration change apart from MVC configuration.
  We have done RDP to web role and found that “clientaccesspiolicy.xml” is present at “E:\approot” location and it is also accessible at “https://<myWebSite>.<myDomain>.com/clientaccesspolicy.xml”.
  Please help
  Thanks,
  Rahul P

  Hi,
  Please try to configure the cross domain policy file to allow public read access (that is, access it without federation requirement), make sure you can access the address
  http://something/clientaccesspiolicy.xml directly in a browser
  without redirecting to check whether the cross domain policy file could be anonymous accessed (Please start a new browser session and make sure you're
  not logged in. Then test the cross domain policy file.).
  Best Regards,
  Ming Xu
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.