crossdomain.xml question

I am writing a Flex application which uses http://localhost" as the domain for the url when I make mx:HTTPRequest server calls.

Given the above setup, my goal is to allow a workstation within my LOCAL network to access the application by using the server's local IP address, which is When I use that IP though to access my application making a mx:HTTPRequest call gives me this error message:

faultCode:Channel.Security.Error faultString:'Security error accessing url' faultDetail:'Destination: DefaultHTTP'

That sounds to me like a domain security issue, something which Flash forbids unless I create a crossdomain.xml that specifically lists domain names permitted to access my data. So I created a crossdomain.xml that looks like this:

    <allow-access-from domain="*"/>

I put my crossdomain.xml at the web root, which is c:/Tomcat5/webapps/myApp/crossdomain.xml. From what I've read, the above should allow any other domain to access my application's data.

But no, when I try to access my application using, I still get the same error message.

Can anyone please tell me what I am doing wrong?

My ultimate goal is to be able to access my application from anywhere in the world as well as from within my network without having to worry about what domain I use in the URL (i.e., be it http://localhost/myApp, or, or even by IP such as http://73.22.365.253/myApp).

This is really important to me, so I would appreciate any help anyone can provide. Thanks.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

This doesn't look like your every day crossdomain error.
When you are loading other files in your movie, try adding the current security domain to the loader context:

myLoaderSomething.load(myUrlRequest, new LoaderContext(false, ApplicationDomain.currentDomain, SecurityDomain.currentDomain));

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
You could try opening up just about everything possible - but remember that cross domain policies are there to provide security!  If you are confident about this, open up the ports as well by doing something like this in your XML file...

   <site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*" to-ports="*" />
   <allow-http-request-headers-from domain="*" headers="*"/>

Once you have satisfied yourself that it is working properly, try tightening things back up progressively by being more specific about the domains you allow.

If this doesn't work, then it may be that something in your code is specifically forbidden by the security sandbox type you are using when you compile your app.  Sorry, I am a Flash IDE man, and know not a lot more than nowt about Flex but I suspect it will be a similar set of restrictions.  The documentation of this is pretty complex but basically these security restrictions are made so that people can't put malicious code into flash/flex apps which access simultaneously file and web server systems within a network, which once you start thinking about it makes a great deal of sense (e.g. you don't want an app on a server which has a quick look through your MyDocuments folder and reports back to Hacker HQ whilst you're watching an animation of a fishtank!)

Also be careful, whilst I think about it, that you are not 'cross scripting'.  This happens when you add code to an swf from another swf.  In some cases this is allowed, but again, for obvious reasons it is not a great idea and it's almost never necessary anyway IMO.

The best guide to all of this I have found is in Colin Moock's 'Essential AS3' which provides tables showing exactly what is permitted and what isn't, and which methods invoke security restrictions in pretty plain English rather than Adobe-speak.  It's a very useful volume to add to your bookshelf if you are a Flash or Flex coder (and no, I am not on commssion :)

Hope this helps

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Adobe Flash

From novice to tech pro — start learning today.