> In my experience, Flex Builder "Debug" swfs have the same are subject > to the same crossdomain access restrictions that production swfs have. > > I'm a bit suspicious of the claim that this is not the case.
I think what is being said (if I'm understanding correctly) - running FB3 to load external XML (RSS, APIs, etc) - the security does not exist - crossdomain policy files are not required when running a SWF through FB3. However, when you deploy to "production", crossdomain policy files ARE required. That being said - I think the issue lies with - why when we run test in development no security is required, but then to run the same application from a "production" site (running the swf in anything other than FB3 test). I (or anyone) may develope a fully functional site in FB3, thinking every thing is "hunky dory", then move the SWF to production and "crash" - no crossdomain.xml file... then, as a developer I have to either 1) contact the publisher of the RSS, API, etc I'm trying to load, and ask them to kindly put up a crossdomain.xml policy file - which isn't likely to happen... or 2) Redevelop how my application loads data (no small thing). It kinda sucks I have to develop around an issue that doesn't exist in development but does in production. I understand the security concerns, but I think it's more on the side of - if I can do it in dev, why can't I do it in production? It'd be nice to at least be able to tell FB3 the app I'm developing will be loading from a site I have no control over which may or maynot have a crossdomain policy file... (ching, ching - my 2 cents)...