We encountered a new error yesterday. One of our clients has a Flex app that retrieves data from a different server over https (which are hosted on a dedicated server separate from the Flex app). Sometimes it worked; sometimes it failed w/the following message:
The following unexpected error has occured: [FaultEvent fault=[RPC Fault faultString="Security error accessing url" faultCode="Channel.Security.Error" faultDetail="Destination: DefaultHTTPS"] messageId="8A80F18A-13CB-7C33-D013-5729AB4FAF80" type="fault" bubbles=false cancelable=true eventPhase=2]
After Tyler and worked on it for an hour, analyzing it with proxies, etc., we came to the following realization: it only appears when contacting the webservice over https using the latest release of Flash (9.0.124). Previous interations (9.0.115 and earlier) do not suffer from this problem.
What happens is that the crossdomain.xml is requested and downloaded. Normally at this point, we would witness the retrieval of the webservice's wsdl file; but instead nothing happens--the wsdl file is never even requested. Instead this error pops up.
Adobe made some changes to the security sandbox in 124, so we suspect this is where the problem lies. There are new options that can be set in the crossdomain.xml (e.g. <allow-http-request-headers-from>), and we suspect that this is the origin of the problem. Adobe has posted Technote kb403185, which looks like a promising solution.
The short of synopsis is that you cannot make SOAP calls outside the domain where the swf is hosted, without adding the following to the crossdomain.xml policy file:
<allow-http-request-headers-from domain="www.example.com" headers="SOAPAction"/>
So the complete file might look like the following:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<!--This domain can accept the SOAPAction header from a SWF file from www.example.com -->
<allow-http-request-headers-from domain="www.example.com" headers="SOAPAction"/>
</cross-domain-policy>
Justin Everett turned me on to a similar issue caused by 9.0.124, and deserves credit for instigating my thought process.
Aug 12, 2008 at 9:14 PM I am having problems with installation of adobe flash player.
Can you help Please
Sep 18, 2008 at 7:19 AM Great stuff, helped me to get rid of this error in our Flex app!
Thnx!
@Aturpin
LOL
Oct 17, 2008 at 4:08 PM Thank you, that was the exact thing I needed to solve the issue.
Feb 10, 2009 at 5:59 AM thank you! this helped us solve our webservice error
Feb 24, 2009 at 11:25 AM Thanks for posting this! The docs are crap and I have been struggling to understand this error myself.
Great explanation!
Mar 18, 2009 at 2:27 PM What Dan said. I struggled with this forever before I gave up.
Jul 12, 2009 at 6:42 PM Thanks a lot!
I have developed flex application for biggest russian social network. Now my app can exchange data with 2 servers on different domains
Sep 16, 2009 at 10:36 AM Hi,
i am experiencing the same problem,
and did as explained in this blog,
but i am not anle to load the wsdl in swf and still getting "Unable to load WSDL" Error,
any help will be appriciated.
Thank You.
Bhavika
Sep 16, 2009 at 10:38 AM Hi,
i am experiencing the same problem,
and did as explained in this blog,
but i am not anle to load the wsdl in swf and still getting "Unable to load WSDL" Error,
any help will be appriciated.
Thank You.
Bhavika
Nov 4, 2009 at 1:39 AM where do i get more information on this
Nov 13, 2009 at 5:42 AM I often read your blog and always find it very interesting. Thought it was about time i let you know…Keep up the great work
Nov 19, 2009 at 6:58 PM Ah, four hours of troubleshooting and this was just what I needed. Thanks a bunch!
Feb 3, 2010 at 3:02 PM It kind of solved my problem... now I don't have an error when i open the web application on the server. But i still have that problem when i open it on another computer. Any ideas?
Thanx ;)
Feb 4, 2010 at 8:35 AM Hello,
I am having error of cross domain policy. I am working on PHP FlEX project. Due to some reason i want to call one JSP file through HTTPservice. JSP file returns string value value true or false.
But while running the application it gives me channel's security error. I include cross domain policy file. But It is giving the same error.
Will you please help me to solve this problem.
Thanx in advance
Regards,
Pradip Jadhav