RE: [flexcoders] "SECURITY ERROR ACCESING URL" calling a web service

Thu, 12 Jun 2008 13:40:34 -0700 

>From an earlier post:

 

The latest version of the Flash Player, 9.0.124.0, contains security
changes that will break your WebService calls.  There is a lot of info
available about this, but here is a quick fix.  NOTE: This example is
insecure.  Consult with a security expert, or become one yourself,
before working with a production environment.

Add this to your crossdomain.xml file:

<allow-http-request-headers-from domain="*" headers="*" />

Again, the wildcards are not good for a production environment.  But if
you just need to get coding again, this will work.

An additional FYI: this change happened earlier than the current
version, don't know exactly when, but you will also need this (or a more
secure version) in your crossdomain.xml file:

        <site-control permitted-cross-domain-policies="master-only"/>

I do not know really what it means, but it lets me work.

If you need to understand this stuff, the information is available. Here
is a summary link:

http://www.adobe.com/devnet/flashplayer/articles/flash_player9_security_
update.html
<http://www.adobe.com/devnet/flashplayer/articles/flash_player9_security
_update.html> 

And here is a link to the big whitepaper.  It was way over my head.

http://www.adobe.com/devnet/flashplayer/articles/flash_player_9_security
.pdf
<http://www.adobe.com/devnet/flashplayer/articles/flash_player_9_securit
y.pdf> 

I wish we could just execute the jerks that make this crap necessary.

Tracy

 

 

________________________________

From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On
Behalf Of luis_roman_am
Sent: Thursday, June 12, 2008 4:30 PM
To: flexcoders@yahoogroups.com
Subject: [flexcoders] "SECURITY ERROR ACCESING URL" calling a web
service

 

Hello! The situation is as follows:

** Project in Flex Builder 3
-- Compiled and uploaded to http://www.domain.com/index.html
<http://www.domain.com/index.html> 
(INDEX.SWF)

** Web Service created in ASP.NET that works perfectly if you test it
in Web browsers
-- Compiled and uploaded to
http://subdomain.domain.com/webservice.asmx
<http://subdomain.domain.com/webservice.asmx>  (and its methods)
- crossdomain.xml (Ive tried everything, finally let it open):
<? xml version = "1.0">
<cross-domain-policy>
<allow-access-from domain="*" /> </ allow>
</ Cross>

Does not wor!! And I have sought information here and on the Internet
in general but can not find a solution!!

If anyone can help me. Thanks in advance,
Luis

Reply via email to