Whoever invented the Flash security model is an idiot that should be shunned from society. I’m too tired and frustrated to make the complete argument, but here are some tips:
- If the web service you want to access is on HTTPS, you need to host the SWF on HTTPS too.
- The most permissive crossdomain.xml I can figure out how to write is:
<?xml version=”1.0″ encoding=”UTF-8″?>
<cross-domain-policy xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance” xsi:noNamespaceSchemaLocation=”http://www.adobe.com/xml/schemas/PolicyFile.xsd”>
<allow-access-from domain=”*”/>
<site-control permitted-cross-domain-policies=”all”/>
</cross-domain-policy> - When hosting crossdomain.xml, set “Content-Type” to “text/x-cross-domain-policy”
- Just to be safe, also set “X-Permitted-Cross-Domain-Policies” to “all”
- And set “X-Just-Fucking-Work-Please-Goddamn-You” to “true”. That’s crucial.
After that, it probably still won’t work for you. You can read this extremely long and boring document here:
http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html
But don’t bother, because it manages to say utterly fucking nothing in the longest way possible. For more futility, enable Flash logging with the convenient 1842-step process documented here:
If that isn’t inscrutable enough for you, dial up the pain by enable policy file logging (that’s right, let’s give it its own logfile, brilliant!) here:
http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_05.html
Then you too can experience the joy of total confusion and anger at the most retarded security model ever invented.
Have you come across the solution to this problem? I’ve been banging my head against this wall for three days now and unfortunately have had the same experience that you describe.
I don’t know how an organization that creates such rock solid solutions as PDF tools and superb image editors can survive with crap development environments and code that looks like same horse dung I worked with over ten years ago! It does explain, however, their retarded approach to security.
I really love the reference to using a XMLSocket server (which appears to be at least an initial requirement) and then no provision or recommendation as to which one to use.
Beautiful! Well Done! Major Kudos! Keep up the good work guys and you’ll beat out the big software giant one of these days!
Problem solved and man did it turn out to be simple!
Many Thanks to George Masters for the great set of eyes and assistance!
Here’s the content of the crossdomain.xml file you need for the most permissive access ever!
I think with enough pain and suffering I did eventually get the above instructions to work; what exactly are you trying to do?
Also, can you post a URL to your super-permissive crossdomain file? Somehow it got lost in translation.
hey guys, I’m another flex developer totally frustrated by the new down the gutter security model of Flash player. I can see that Dave was able to crack it by using the right crossdomain.xml. please please please share it!!!!!!!!!!!! I’m tired of getting endlessly frustrated
lots of advance thanks………