Error 2170 in Cross Domain Policy deployed in Enterprise Portal

Similar Messages

• Load XML file from addon domain without cross-domain Policy file

  Hello.
  Assuming that there are two addon domains on the same server: /public_html/domain1.com       and      /public_html/domain2.com
  I try to load XML file from domain2.com into domain1.com without using cross-domain policy file (since it doesn’t work on xml files in my case).
  So the idea is to use php file in order to load XML and read it back to flash.
  I’ve found an interesting scripts that seems to do the job but unfortunately I can't get it to work. In my opinion there is somewhere problem with AS3 part. Please take a look.
  Here are the AS3/PHP scripts:
  AS3 (.swf in www.domain1.com):
  // location of the xml that you would like to load, full http address
  var xmlLoc:String = "http://www.domain2.com/MyFile.xml";
  // location of the php xml grabber file, in relation to the .swf
  var phpLoc:String = "loadXML.php";
  var xml:XML;
  var loader:URLLoader = new URLLoader();
  var request:URLRequest = new URLRequest(phpLoc+"?location="+escape(xmlLoc) );
  loader.addEventListener(Event.COMPLETE, onXMLLoaded);
  loader.addEventListener(IOErrorEvent.IO_ERROR, onIOErrorHandler);
  loader.load(request);
  function onIOErrorHandler(e:IOErrorEvent):void {
      trace("There was an error with the xml file "+e);
  function onXMLLoaded(e:Event):void {
      trace("the rss feed has been loaded");
      xml = new XML(loader.data);
      // set to string, since it is passed back from php as an object
      xml = XML(xml.toString());
      xml_txt.text = xml;
  PHP (loadXML.php in www.domain1.com):
  <?php
  header("Content-type: text/xml");
  $location = "";
  if(isset($_GET["location"])) {
      $location = $_GET["location"];
      $location = urldecode($location);
  $xml_string = getData($location);
  // pass the url encoded vars back to Flash
  echo $xml_string;
  //cURLs a URL and returns it
  function getData($query) {
      // create curl resource
      $ch = curl_init();
      // cURL url
      curl_setopt($ch, CURLOPT_URL, $query);
      //Set some necessary params for using CURL
      curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
     //Execute the curl function, and decode the returned JSON data
      $result = curl_exec($ch);
      return $result;
      // close curl resource to free up system resources
      curl_close($ch);
  ?>

  I think you might be right about permissions/settings on the server for php. Unfortunately I'm not allowed to adjust them.
  So I wrote my own script - this time I used file path instead of http address of the XML file.  It works fine in my case.
  Here it is:
  XML file on domain2.com:
  <?xml version="1.0" encoding="UTF-8"?>
  <gallery>
      <image imagePath="galleries/gallery_1/images/1.jpg" thumbPath="galleries/gallery_1/thumbs/1.jpg" file_name= "1"> </image>
      <image imagePath="galleries/gallery_1/images/2.jpg" thumbPath="galleries/gallery_1/thumbs/2.jpg" file_name= "2"> </image>
      <image imagePath="galleries/gallery_1/images/3.jpg" thumbPath="galleries/gallery_1/thumbs/3.jpg" file_name= "3"> </image>
  </gallery>
  swf  on domain1.com:
  var imagesXML:XML;
  var variables:URLVariables = new URLVariables();
  var varURL:URLRequest = new URLRequest("MyPHPfile.php");
  varURL.method = URLRequestMethod.POST;
  varURL.data = variables;
  var MyLoader:URLLoader = new URLLoader;
  MyLoader.dataFormat =URLLoaderDataFormat.VARIABLES;
  MyLoader.addEventListener(Event.COMPLETE, XMLDone);
  MyLoader.load(varURL);
  function XMLDone(event:Event):void {
      var imported_XML:Object = event.target.data.imported_XML;
      imagesXML = new XML(imported_XML);
     MyTextfield_1.text = imagesXML;
     MyTextfield_2.text = imagesXML.image[0].attribute("thumbPath");  // sample reference to attribute "thumbPath" of the first element
  php file on domain1.com:
  <?php
  $xml_file = simplexml_load_file('../../domain2.com/galleries/gallery_1/MyXMLfile.xml');  // directory to XML file on the same server
  $imported_XML = $xml_file->asXML();
  print "imported_XML=" . $imported_XML;
  ?>
  Regards
  PS: for those who read the above discussion: the first and the second script work but you must test which one is better in your situation. The first script will also work between two domains on different servers. No cross domain policy file needed.

• Cross domain policy issues

  I am attempting to communicate with a web service via flash
  across sub domains. All works fine and dandy on my local machine,
  but when i upload to my web server there is no communication across
  the domains. The way the servers are configured, i don't have
  access to the root of the domain to place the crossdomain.xml in
  the default location, so i have it in the folder next to the web
  service and link to it directly shown below. I have this line on
  the first frame of the first layer of my file
  quote:
  System.security.loadPolicyFile("MYDOMAIN/StudentConnect2Apply/crossdomain.xml");
  The server containing the flash file is insecure and the web
  service is secure (https). this is what my crossdomain.xml file
  looks like:
  quote:
  <cross-domain-policy>
  <allow-access-from domain="*.MYDOMAIN.net"
  secure="false"/>
  </cross-domain-policy>
  I have also enabled logging within my flash player to track
  down problems, when i initially load the page in the browser, it
  approves the policy file:
  quote:
  OK: Policy file accepted:
  https://MYDOMAIN/StudentConnect2Apply/crossdomain.xml
  But after submitting the form and attempting to interact with
  the web service, i get an error saying permission is denied due to
  lack of policy file permissions and
  quote:
  Warning: Failed to load policy file from
  MYDOMAIN/crossdomain.xml
  It is looking in the root of the domain after i defined and
  it accepted the overridden location. Is there another way to define
  where the crossdomain.xml file is located that i am missing,
  possibly in the web service settings somewhere?

  I have found my answer, thanks to another forum.
  Meta-Cross Domain Policies.
  http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_03.html
  Basically I can now say "f*ck you adobe. I as a college
  student who likes to host things on my 150 MB of server space can
  no longer host XML formatted levels for games I write. Because I am
  not the administrator of the server and will never be able to
  convince the administrator to let me have the MCDP file allow my
  flash file to load it's levels."
  F*ck you Adobe, F*ck You.

• Cross domain policy file and BitmapData

  Hey guys and gals, I'm having an issue with a Security error
  when trying to access photos from an external site. I have a client
  who is at siteA.com, who wants to load in photos from siteB.com,
  siteC.com, and probably 100 other sites. He has permission to do so
  from the other sites, but doesn't want to go through all the
  trouble of asking each site to post a cross-domain policy file.
  Please correct me if I'm wrong, but the way I understand it is, if
  you want to simply load an image into a Loader object within a swf,
  you're ok, but if you want to access the BitmapData, you will then
  get a security error? My snippet of code that I believe is causing
  the security error is
  public function imageLoaded(e:Event):void {
  var image:Bitmap = Bitmap(e.target.loader.content);
  image.smoothing = true;
  imageContainer.addChild(e.target.loader);
  As you can tell, the reason why I want to access the Bitmap
  itself is to apply smoothing. That is my main concern, I want to be
  able to apply smooth transitions to these pictures that are loaded
  in from external sites. My main goal is to load images externally,
  then apply smooth transitions, so if you know of a way to get
  around the security violations, that would be great. The only
  work-around we have for this is to write a script that will load
  all the images from the external sites onto the local server, as
  this will be less work than getting the cross-domain policy file on
  each server (if that's what it takes). Thanks in advance for
  anybody who can shed some light on the subject.

  If I understand you correctly, a 'helper' swf would be on the
  site where the images are held, much like a cross-domain policy
  file? I don't understand how that would be much different than
  getting the external sites to add a cross-domain policy file on
  their server. It sounds easier to just throw the cross-domain
  policy file on the external site's server with '*' for the path of
  allowed directories to load images from. I'm pretty new to the
  cross-domain security issue, so I'm not sure. I don't understand
  why it's a security risk to access the pixels of an image either...
  anybody know about that? Just trying to figure out where to go from
  here on this project. Thanks for the reply GWD, still looking for
  some more feedback.

• I am developing a flex web application which needs to access Other domain ,is there any other way other than cross domain policy available ? please help

  i am developing a flex web application which needs to access Other domain (Payment Gateway API),is there any other way other than cross domain policy available ? please help.
  we donot have access other domain thats why we want other solution..

  All the paths to CFCs are the same in my live production site.  Can you be more specific as to what you mean by "RemoteClass aliases in your AS Classes and CFCs (if any) are correct."?  How will the app know that the CFC is on http://myLiveSite.com instead of http://myDevSite.com?  The only line of code that I have noticed that points to a URL is the endpoint in a file called _Super_XXX.as.  And at the top of that file it says that the file is not meant for editting.
  To clarify...I see your app/code all exists on a server access via a web browser so I can understand that everything still works when deployed.  Mine is a mobile app so when I am developing and testing on my local computer the URL points to my local development machine.  However when I deploy it to a mobile device like a tablet and run the app, it needs to be able to access a cfc on a remote server via a different URL ie. my http://myLiveSite.com/myCFC.cfc instead of http://localhost/myCFC.cfc
  Thanks for your help!  I will now take a look at your thread.
  Message was edited by: ace0215

• Spry JSONDataset and IE8 cross domain policy

  Hi,
  I'm using Spry JSON Dataset to retreive feeds of JSON data from Google Picasa and then show the results on our photo page. Works fine in Firefox but not in IE8. Is this a cross domain issue or is something else happening to stop the page rendering the spry regions in IE8? I know IE8 can be quite fussy at times.
  Debug tools in IE8 not the best (give me firebug any time)
  Page is here www.thehmc.co.uk/photonew.html
  Phil

  Hi,
  Now I've had time to play and got my head around what JSON-P really means - I've come up with a lightweight solution. Arnout thanks for your input as that sent me off on the right track.
  I noticed that Google can provide the JSON string wrapped in a callback function - see format below
  http://picasaweb.google.com/data/feed/api/user/thehmc.co.uk?kind=tag&alt=json-in-script&ca llback=testit&hl=en_GB
  Firstly I define my Spry JSONDataset as before but don't give it an url to load the data from
  var dsTags = new Spry.Data.JSONDataSet(null,{path:"feed.entry",  subPaths:["title","gphoto$weight"],sortOrderOnLoad: "ascending", sortOnLoad: "title.$t"} );
  So introducing the function below, which dynamically adds a script to the document body pointing top the url you pass it
  function makeRequest(sUrl) {
          var oScript = document.createElement("script");
          oScript.src = sUrl;
          oScript.async = true
          var done = false;
          oScript.onload = oScript.onreadystatechange = function()
              if ( !done && (!this.readyState || this.readyState === "loaded" || this.readyState === "complete") )
                done = true;
                 oScript.onload = oScript.onreadystatechange = null;
                 if ( oScript && oScript.parentNode )
                  oScript.parentNode.removeChild( oScript );
          document.body.appendChild(oScript);
  and then calling it, passing the url to the Google feed
  makeRequest("http://picasaweb.google.com/data/feed/api/user/thehmc.co.uk?kind=tag&alt=json-in-script&ca llback=testit&hl=en_GB");
  Function testit(root)
      dsTags.setDataFromDoc(root);
  Since the JSON string is already converted to a JSON object when it arrives at the callback function I had to change the JSONDataset function as below to not to try and parse if already an object
  Spry.Data.JSONDataSet.prototype.loadDataIntoDataSet = function(rawDataDoc)
      if (this.preparseFunc)
          rawDataDoc = this.preparseFunc(this, rawDataDoc);
      var jsonObj;
      if (typeof rawDataDoc == "object")
          jsonObj = rawDataDoc;
     else
          try    { jsonObj = this.useParser ? this.parseJSON(rawDataDoc) : eval("(" + rawDataDoc + ")"); }
          catch(e)
              Spry.Debug.reportError("Caught exception in JSONDataSet.loadDataIntoDataSet: " + e);
              jsonObj = {};
  This works a treat in IE8 and Firefox.
  I can see that your YQL version will be more flexible in terms of the number of feeds it'll be able to provide in JSON format but for now I just need this for Google Picasa.  Ideally I'd like a YQL version that retrieves the JSON string and then passes it to a user defined callback function to do with what it wants.
  I need to change my other JSON datasets but otherwise the page will be good to go soon enough.
  Cheers for your inputs
  Phil

• Error publishing SSRS Report in Dynamics AX 2012 Enterprise Portal

  Good morning.
  I have a problem ad i'll appreciate so much your help. I made a SSRS Reporting project with Business Intelligence Development Studio (through the template "Business Intelligence --> Report Server Project). Once deployed to report server, the report
  successfully works. I Want to publish this report in Dynamics AX 2012 Enterprise Portal, through the web part "SQL Server Reporting
  à SQL Server Reporting Services Report Viewer", but when i select the .rdl file from the list, i receive the following error:
  An error occurred during local report processing.
  An error has occurred during report processing.
  Cannot create a connection to data source 'DataSource1'.
  An attempt has been made to use an unregistered data extension, 'OLEDB-MD'. To use this data extension, it must be registered in the Web.config file of this Web application.
  I've Checked the config file and the specified handler is correctly set. I read in a forum that the problem may be caused by the fact that the database of the report server is set as "Native" instead of "Sharepoint Integrated". Is it
  possible? just in case, there's the possibility to display a ssrs report in EP in "native mode"?
  Thank you so much in advance
  Simone

  Hi Katherine.
  Thank you so much for your reply. You understood perfectly what I mean. I followed the instructions in the document, but the installation of te .cab file won't work. I tried with the Sharepoint Management Shell and with STSADM.EXE, but in both cases i receive
  an error like this:
  PS C:\> Install-SPWebPartPack -LiteralPath "C:\Program Files (x86)\Microsoft SQL
   Server\110\Tools\Reporting Services\SharePoint\RSWebParts.cab" -GlobalInstall
  Confirm
  Are you sure you want to perform this action?
  Performing operation "Install-SPWebPartPack" on Target "C:\Program Files
  (x86)\Microsoft SQL Server\110\Tools\Reporting
  Services\SharePoint\RSWebParts.cab".
  [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
  (default is "Y"):y
  Install-SPWebPartPack : Failed to extract the cab file in the solution.
  At line:1 char:1
  + Install-SPWebPartPack -LiteralPath "C:\Program Files (x86)\Microsoft SQL
  Server\ ...
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ~~~
      + CategoryInfo          : InvalidData: (Microsoft.Share...tallWebPartPack:
     SPCmdletInstallWebPartPack) [Install-SPWebPartPack], SPException
      + FullyQualifiedErrorId : Microsoft.SharePoint.PowerShell.SPCmdletInstallW
     ebPartPack
  PS C:\>
  I checked the directory and the .cab file is in the right position. Am I doing something wrong?
  Thanks a lot in advance.
  Simone

• Error Provisioning the Federated roles from CUP to enterprise portal

  Hi Gurus,
  Need help. I am trying to provision the roles to enterprise portal using GRC CUP. I have created the connectors and field mapping and the connection is successful. We have a enterprise portal with producer consumer relation ship. The Enterprise portal acts as consumer for the BI portal. The BI portal Roles are federated to Enterprise portal and i get an error "noSuchIdentifier" when I try to provision the federated BI Portal role on the Enterprise portal. I can successfully provision the local portal roles and UME roles on the enterprise portal. I get the error only when trying to provision the roles which are from BI portal.
  Appreciate any help, in this regards.
  Thanks,
  Pavan

  Hi Alma,
  This is one of the security issue.We had faced it sometime back.We searched some CSN's and found a solution.
  Go to Service Market palce and download the latest Cryptographic Tool kit (Service Market place---->software downloads)
  You will get a sca/sda something like tc/iaik./security(something like this)
  Deploy this on to your instance using your SDM.
  After that,Restart the Portal patching.It will go fine.
  reward points if helpful................

• Error when configuring Web Dispatcher for SSL with Enterprise Portal

  We are in the process of configuring the Web Dispatcher using SSL to connect to our Enterprise Portal (the Web Dispatcher will be in the DMZ).  We have followed all of the help.sap.com guides and now have SSL listening on the EP side (port 8103).  We are now receiving this strange certificate error when we start the Web Dispatcher:
  [Thr 5332] Tue Mar 20 00:36:23 2007
  [Thr 5332]   MatchTargetName("<FULLY QUALIFIED HOSTNAME>", "CN=XXX, OU=XXX, O=XXXX, C=XX") FAILS
  [Thr 5332]   SSL socket: local=<IPADDRESS>:4742  peer=<IPADDRESS>:8103
  [Thr 5332] <<- ERROR: SapSSLSessionStart(sssl_hdl=009D7670)==SSSLERR_SERVER_CERT_MISMATCH
  [Thr 5332] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxconn.c 2005]
  [Thr 5332] *** ERROR => IcmConnClientRqCreate() failed (rc=-14) [icrxx.c      4919]
  [Thr 5332] *** ERROR => Could not connect to SAP Message Server at <FULLY QUALIFIED HOST NAME>. URL=/msgserver/text/logon?version=1.2 [icrxx.c      2301]
  [Thr 5332] *** ERROR => rc=-1, HTTP response code: 0 [icrxx.c      2302]
  [Thr 5332] *** ERROR => see also OSS note 552286 [icrxx.c      2303]
  We have gone through the trouble shooting note 552286 as listed in the error above.  Any assistance is appreciated.

  Hello, did you receive any resolution for this problem?  We are receiving a similar error and I am unsure of how to resolve.

• Error while calculating SPS for NW 7.3 Enterprise Portal

  Hello,
  I have a Solution Manager 7.01 SPS 28 (ST     400     0028     SAPKITL438     SAP Solution Manager Tool)
  I want to download via MOPZ the newest SPS for NW 7.3 with Enterprise Portal.
  I configured the SLD on the NW 7.3 side successfully.
  The NW 7.3 transmitted the data to the SMSY.
  I can create the system also successfully in the "Product Systems" and "Technical Systems"
  and also created successfully the "Logical Components" and can assign to a "Solution"
  When I try to calculate the SPS automatically for the NW 7.3 Enterprise Portal, the following
  error Messages appears.
  System P73: Installed Product Instance SAP NETWEAVER 7.3 Process Integration not assigned!  Display Help
  System P73: Installed Product Instance SAP NETWEAVER 7.3 PDF Export not assigned!  Display Help
  System P73: Installed Product Instance SAP NETWEAVER 7.3 Advanced Adapter Engine Extnd not assigned!  Display Help
  System P73: Installed Product Instance SAP NETWEAVER 7.3 Demo Applications not assigned!  Display Help
  System P73: Installed Product Instance SAP NETWEAVER 7.3 BPM not assigned!  Display Help
  System P73: Installed Product Instance SAP NETWEAVER 7.3 NWDS Update Site JEE not assigned!  Display Help
  System P73: Installed Product Instance SAP NETWEAVER 7.3 Composition Platform not assigned!  Display Help
  System P73: Installed Product Instance SAP NETWEAVER 7.3 Guided Procedures not assigned!  Display Help
  System P73: Installed Product Instance SAP NETWEAVER 7.3 Enterprise Services Repository not assigned!  Display Help
  System P73: Installed Product Instance SAP NETWEAVER 7.3 Composite App. Framework not assigned!  Display Help
  System P73: Installed Product Instance SAP NETWEAVER 7.3 AS Java Extensions not assigned!  Display Help
  System P73: Installed Product Instance SAP NETWEAVER 7.3 PI Adapter Engine (Java EE) not assigned!  Display Help
  System P73: Installed Product Instance SAP NETWEAVER 7.3 EP Core - Application Portal not assigned!  Display Help
  System P73: Installed Product Instance SAP NETWEAVER 7.3 Composition Voice not assigned!  Display Help
  System P73: Installed Product Instance SAP NETWEAVER 7.3 Central Process Scheduling not assigned!  Display Help
  System P73: Installed Product Instance SAP NETWEAVER 7.3 Mobile not assigned!  Display Help
  System P73: Installed Product Instance SAP NETWEAVER 7.3 BI Java not assigned!  Display Help
  System P73: Installed Product Instance SAP NETWEAVER 7.3 Business Intelligence not assigned!  Display Help
  System P73: Installed Product Instance SAP NETWEAVER 7.3 PI Partner Connectivity Kit not assigned!  Display Help
  System P73: Installed Product Instance SAP NETWEAVER 7.3 Development Infrastructure not assigned!  Display Help
  System P73: Installed Product Instance SAP NETWEAVER 7.3 Adobe Document Services not assigned!  Display Help
  System P73: Installed Product Instance SAP NETWEAVER 7.3 Application Server ABAP not assigned!  Display Help
  Can anybody please help me ?
  Best regards
  Alex

  Hello Alexander,
    I was having a similar problem, but only with the abap-related NW 7.3 components.
    Please check the following note: Note 1595918 - JSPM: Validation fails due to mismatch at software features
     Do a backup of your BC_SL_SWFEATURE, delete those components you don't have, according to the usage types you have installed.
     In the portal, go to NWA -> Configuration -> Infrastructure -> SLD Data Supplier Configuration and click "Send and Collect Data".
    Verify that the data is refreshed in your SLD.
    In the SMSY,  unassign the system from all the logical systems, delete the system, delete the technical java component and run the Setup System Landscape to create the system from your SLD.
    After the system is generated, assign it to your Logical Component and try again.
     Or, instead of deleting / creating the system, maybe you can just refresh it using the steps from the note Note 1468559 - SMSY: Single system update from SLD
    Regards

• Cross-Domain Policy File

  I just made an IRC client for Android + iOS, and now I'm having issues porting it to the browser.  I've built flash games where the server hosts the Policy Domain File, obviously with an IRC client that's not going to happen in all instances.
  I'm wondering why the browser version can run perfectly fine under CS6's debug mode, but when it's been deployed to the browser it can't seem to connect?  What settings would I have to do [if at all possible] to replicate this debug mode [in CS6] inside the browser?
  Thanks!

  In the browser, are you running it via Flash Player or are you making an AIR for web app?
  The browser is the strictest sandbox Flash can run in. The infamous #2048 is a generic security violation. You're doing something your current sandbox doesn't allow. The most obvious thing to verify is on the SWF output settings make sure your sandbox is set to access network files, not access local files. Otherwise you'll get that error.
  Outside that it's going to be looking for a socket policy file. I won't even get into creating these because your endpoint is an IRC server. Unless you're running your own IRC server you're not going to get some IRC server host to install a socket policy file for you so that point is moot. Without the socket policy file you're in some tough territory that will require some advanced debugging.
  My suggestion would be to get Fiddler so you can actually see the request and response packets being sent to and from Flash inside your browser. You will definitely see Flash make a request and the response will give you clues on what's happening just before you receive the #2048 security error. You may see it request the policy file and then the server returns nothing or an invalid response and then Flash gives you the error. If that happens you may be out of luck.
  Here's fiddler (I'd update your .NET to the latest and use V4 instead of V2):
  http://www.fiddler2.com/fiddler2/version.asp
  Here's another Adobe post of someone having a #2048 error while using fiddler to diagnose it:
  http://forums.adobe.com/message/4668901#4668901
  The fiddler site has some documentation. It's a pretty great tool for analyzing packet traffic (using the "select process" target will limit the packets to a browser you select (or any other app)). You may need to enable decrypting HTTPS traffic if you're using a SecureSocket. There's all instructions there on helping you diagnose and watch the inner workings of all requests/responses to track down the issue quickly.
  Lastly I would uninstall Fiddler after you're done with it and reinstall it later when you need it. Especially if you enable HTTPS decryption. It must install some fake certificates to allow itself to intercept traffic. You'll just clutter up your certificates with junk certs if you keep fiddler installed. It's a very quick install/uninstall and the software itself is very widely used and regarded. It's not a trust thing, it's a cleanliness thing.

• Cross Domain error for Silverlight + MVC application with self hosted WCF service on azure

  Hi,
  We are migrating existing Silverlight application to MVC; existing Silverlight application is hosted on
  Azure which is consuming self-hosted WCF service. For authentication we have implemented
  ADFS with WIF (passive). The cloud service (<myWebSite>.cloudapp.net) is C Name to (<myWebSite>.<myDomain>.com) and we 
  are consuming  WCF service at <myWebSite>.cloudapp.net/<myService>.svc, as we were getting “Cross Domain” error so we have added “clientaccesspolicy.xml” at the root of “WEB ROLE”.
  Existing Silverlight application works fine but the problem occurred when we deploy our migrated application to the same cloud service. We are getting a “Cross Domain” error.
  The same migrated application works fine on UAT environment, the only difference is UAT environment is
  without ADFS WIF implementation.
  Migrated application is half Silverlight and half MVC with initial landing page is Silverlight. MVC web role is used to host the service i.e. .SVC . To go to SL landing page , redirected from home controller. Following is being observed in fiddler for this
  application
  Existing Silverlight application -
  After authentication with ADFS it redirect to Silverlight landing page.
  Before calling service method it looks for “clientaccesspolicy.xml”
  In response header we are getting the content of “clientaccesspolicy.xml”
  And after this everything works fine
  Migrated Silverlight-MVC application –
  After authentication with ADFS it redirects to “HomeController” and from there we are redirecting to Silverlight landing page.
  Before calling service method it looks for “clientaccesspolicy.xml”
  In response header we are getting  following content - “https://federation-sts.<myDomain>.com/adfs/ls/?wa=wsignin1.0&amp;
  wtrealm=https%3a%2f%2f<myWebSite>.<myDomain>.com&amp;
  wctx=rm%3d0%26id%3dpassive%26ru%3d%252fclientaccesspolicy.xml&amp;wct=2014-03-17T10%3a36%3a04Z”
  4.Throw “Cross Domain” error.
  Also we have added filter in
  RouteConfig
  for .xml file
  routes.IgnoreRoute("{*allxml}",
  new { allxml = @".*\.xml(/.*)?" });
  NOTE: There is no configuration change apart from MVC configuration.
  We have done RDP to web role and found that “clientaccesspiolicy.xml” is present at “E:\approot” location and it is also accessible at “https://<myWebSite>.<myDomain>.com/clientaccesspolicy.xml”.
  Please help
  Thanks,
  Rahul P

  Hi,
  Please try to configure the cross domain policy file to allow public read access (that is, access it without federation requirement), make sure you can access the address
  http://something/clientaccesspiolicy.xml directly in a browser
  without redirecting to check whether the cross domain policy file could be anonymous accessed (Please start a new browser session and make sure you're
  not logged in. Then test the cross domain policy file.).
  Best Regards,
  Ming Xu
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Cross domain error while displaying .SWF files in  portal

  Hi Experts,
  i am working on EP ,
  i am trying to display a .swf file in a iview but that file is  giving an error as
  Add a cross domain policy file to the external data web server
  this swf file is retriving data from BI system.
  Please suggest !!
  i got a solution of putting a crossdoaim.xml file in root directory but thats not possible

  I think two urls will work for you:
  Xcelsius SWF with QaaWS through SSL: Cannot access external data
  http://livedocs.adobe.com/flex/3/html/help.html?content=security2_04.html

• Safari cross domain error

  I tired to access a web site via Safari that I previously was able to access; however, now I get the following message: "Cross Domain Error: Cross domain is not supported by this browser." Is there a plug-in or something else that would allow me access the site?

  Hi,
  Please try to configure the cross domain policy file to allow public read access (that is, access it without federation requirement), make sure you can access the address
  http://something/clientaccesspiolicy.xml directly in a browser
  without redirecting to check whether the cross domain policy file could be anonymous accessed (Please start a new browser session and make sure you're
  not logged in. Then test the cross domain policy file.).
  Best Regards,
  Ming Xu
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Cross domain scripting: error #2048

  Hi,
  This is my first entry in this forum but I already found a lot of answers by browsing it. However, altough many references seem to solve the problem I'm hurting on, it doesn't seem to work for me...
  Now, here's the case:
  I made a flash web site that will be hosted on an external web server (let's call it server «www.external.com»).
  My flash needs to get some info from my internal server (let's call it «www.internal.com»).
  On «www.internal.com», I don't have access to the root, only to the folder «myfolder» so my website reads like this: «www.internal.com/myfolder».
  Being aware of some sandbox security issues, I made a crossdomain.xml file and uploaded it to «www.internal.com/myfolder/crossdomain.xml» to provide acces to «www.internal.com/myfolder» from «www.external.com» wich is the following:
  <?xml version="1.0"?>
  <cross-domain-policy>
       <allow-access-from domain="www.external.com" />
       <allow-http-request-headers-from domain="www.external.com" headers="*"/>
  </cross-domain-policy>
  In my flash, there is the code i use to retrieve my info:
  Security.loadPolicyFile("http://www.internal.com/myfolder/crossdomain.xml");
  var myData:URLRequest = new URLRequest("http://www.internal.com/myfolder/myapp/datarequest.cfm");
  var loader:URLLoader = new URLLoader();
  loader.load(myData);
  That's where I get the raging error #2048 in an error #2044 telling me this (excuse the french, my player and I use this language):
  Error #2044: securityError non pris en charge : text=Error #2048: Violation de la sécurité Sandbox : http://www.external.com/flashapp.swf ne peut pas charger de données à partir de http://www.internal.com/myfolder/myapp/datarequest.cfm.
  According to what I saw and read, loading a policy file should allow me to access info. Once I read that the crossdomain.xml file absolutely had to be on the root of the web server, unfortunately, I don't have access to the root.
  There surely is something wrong with what I am doing, anyone has a thought?
  Thanks in advance and sorry for the long message...

  just a guess here - it looks mainly as though you are on the right track, and you are correct if you so not have access to the root, then you must target the crossdomain.xml location as you have specified.
  the one thing i don't see that you have listed here is a call to:
  Security.allowDomain("www.external.com");
  which *might* be the issue