Ok, so I've learned that if I host the SWF on an HTTPS server, then it works. Which brings me to two questions:
1) Is there any way to have an HTTP-hosted SWF access HTTPS resources? 2) Is there any way to have a filesystem-hosted SWF access HTTPS resources? If so, what are the compiler and crossdomain settings I need to use to accomplish this? Thanks! -david PS: I'm posting my lessons as I go to http://bottomupflash.com; feel free to follow along. --- In flexcoders@yahoogroups.com, "David_M_Barrett" <[EMAIL PROTECTED]> wrote: > > What need I do to allow a SWF to access my web service? I have a web service > here: > > https://data.expensify.com > > I've configured it to respond with the absolute maximally-permissive > crossdomain.xml: > > https://data.expensify.com/crossdomain.xml > > HTTP/1.1 200 OK > Content-Type: text/x-cross-domain-policy > X-Permitted-Cross-Domain-Policies: all > Content-Length: 299 > > <?xml version="1.0" encoding="UTF-8"?> > <cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd"> > <allow-access-from domain="*"/> > <site-control permitted-cross-domain-policies="all"/> > </cross-domain-policy> > > I have a SWF I'm hosting on http://127.0.0.1/Expensify.swf. I've configured > my mm.cfg to > enable policy-file logging, and it logs: > > OK: Root-level SWF loaded: http://127.0.0.1/Expensify.swf > OK: Policy file accepted: https://data.expensify.com/crossdomain.xml > Error: Request for resource at https://data.expensify.com/xxxxxxxxx by > requestor from > http://127.0.0.1/Expensify.swf is denied due to lack of policy file > permissions. > > Any clues what I need to do? It was working just fine before, but now is > broken with the > switch to the latest Flash player. > > Basically, how can I configure data.expensify.com to say "really, seriously, > *ANYBODY* > from *ANYWHERE* at *ANY TIME* can call me. *REALLY*." > > -david >