Flex: Security error accessing url

[RPC Fault faultString=”Security error accessing url” faultCode=”Channel.Security.Error” faultDetail=”Destination: DefaultHTTP”]

As you already know flex applications have a strict security policy. You can look at this site for more information.

Flash player normally does not let your application to access to some resources (assets, web services etc) in another domain. Your domain is where you publish your flash/flex application. This sandbox also prohibits your web application from accessing local files/resources of the client. While there is no way to bypass the second one -imho-, you can enable your application to access resources in another domain.

You can do this using crossdomain.xml file. That file should be at the root of your application. You can configure which domains your application can or can’t access. Also you can configure this by actionscript.

Typical crossdomain.xml file looks like this:

<?xml version=”1.0″?>
<!DOCTYPE cross-domain-policy SYSTEM “http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd”&gt;
<cross-domain-policy>
<allow-access-from domain=”*” />
<allow-http-request-headers-from domain=”*” headers=”*”/>
</cross-domain-policy>

First entry lets your application to be reached from all domains. Sometimes you don’t want this for security reasons. You can replace * with *.yourdomain.com or http://www.yourdomain.com or else.

The second one, as the name implies, lets your application to accept request headers from any domain. While I’m using RESTful services of another domain, I need the second one. But as I said before, using * wildcard is not a good idea. Restrict these options as much as you can.

Also you can do this using Actionscript. You can call that method at initialization step of your application and you are good to go:

// (Loader) Application initialization
public function initApp():void
{
Security.allowDomain( “*” );

}

Have a good day…

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s