• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 273
  • Last Modified:

crossdomain.xml question

I am writing a Flex application which uses http://localhost" as the domain for the url when I make mx:HTTPRequest server calls.

Given the above setup, my goal is to allow a workstation within my LOCAL network to access the application by using the server's local IP address, which is 192.168.1.105. When I use that IP though to access my application making a mx:HTTPRequest call gives me this error message:

faultCode:Channel.Security.Error faultString:'Security error accessing url' faultDetail:'Destination: DefaultHTTP'

That sounds to me like a domain security issue, something which Flash forbids unless I create a crossdomain.xml that specifically lists domain names permitted to access my data. So I created a crossdomain.xml that looks like this:

<cross-domain-policy>
    <allow-access-from domain="*"/>
</cross-domain-policy>

I put my crossdomain.xml at the web root, which is c:/Tomcat5/webapps/myApp/crossdomain.xml. From what I've read, the above should allow any other domain to access my application's data.

But no, when I try to access my application using http://192.168.1.105/lmyApp, I still get the same error message.

Can anyone please tell me what I am doing wrong?

My ultimate goal is to be able to access my application from anywhere in the world as well as from within my network without having to worry about what domain I use in the URL (i.e., be it http://localhost/myApp, or http://192.168.1.105/myApp, or even by IP such as http://73.22.365.253/myApp).

This is really important to me, so I would appreciate any help anyone can provide. Thanks.
0
elepil
Asked:
elepil
2 Solutions
 
FlassariCommented:
This doesn't look like your every day crossdomain error.
When you are loading other files in your movie, try adding the current security domain to the loader context:

myLoaderSomething.load(myUrlRequest, new LoaderContext(false, ApplicationDomain.currentDomain, SecurityDomain.currentDomain));
0
 
DeasilCommented:
You could try opening up just about everything possible - but remember that cross domain policies are there to provide security!  If you are confident about this, open up the ports as well by doing something like this in your XML file...

<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*" to-ports="*" />
   <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

Once you have satisfied yourself that it is working properly, try tightening things back up progressively by being more specific about the domains you allow.

If this doesn't work, then it may be that something in your code is specifically forbidden by the security sandbox type you are using when you compile your app.  Sorry, I am a Flash IDE man, and know not a lot more than nowt about Flex but I suspect it will be a similar set of restrictions.  The documentation of this is pretty complex but basically these security restrictions are made so that people can't put malicious code into flash/flex apps which access simultaneously file and web server systems within a network, which once you start thinking about it makes a great deal of sense (e.g. you don't want an app on a server which has a quick look through your MyDocuments folder and reports back to Hacker HQ whilst you're watching an animation of a fishtank!)

Also be careful, whilst I think about it, that you are not 'cross scripting'.  This happens when you add code to an swf from another swf.  In some cases this is allowed, but again, for obvious reasons it is not a great idea and it's almost never necessary anyway IMO.

The best guide to all of this I have found is in Colin Moock's 'Essential AS3' which provides tables showing exactly what is permitted and what isn't, and which methods invoke security restrictions in pretty plain English rather than Adobe-speak.  It's a very useful volume to add to your bookshelf if you are a Flash or Flex coder (and no, I am not on commssion :)

Hope this helps

D.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now