Security sandbox violation error even with crossdomain.xml

Blog/ActionScript · 2013-06-26 · http file security sandbox violation

Again, a very nice surprise by Adobe. I have a flex application which makes cross-domain requests to another server holding REST API. There is a crossdomain.xml file, but the request still doesn't work.

I got

#2170: Security sandbox violation: http://mysite.com/project.swf cannot send HTTP headers to http://remoteserver.com/api/method/.

The policy file looks like that:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
    <allow-access-from domain="\*" />
</cross-domain-policy>

But it should contains this:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
    <site-control permitted-cross-domain-policies="all"/>
    <allow-http-request-headers-from domain="\*" headers="\*" secure="true"/>
    <allow-access-from domain="\*" secure="true" /> 
 </cross-domain-policy>
</pre>

Once I updated the file everything works.