Security sandbox violation error even with crossdomain.xml

Blog/ActionScript · 2013-06-26 · http, file, security sandbox violation

Again, a very nice surprise by Adobe. I have a flex application which makes cross-domain requests to another server holding REST API. There is a crossdomain.xml file, but the request still doesn't work.

I got

#2170: Security sandbox violation: http://mysite.com/project.swf cannot send HTTP headers to http://remoteserver.com/api/method/.

The policy file looks like that:

	<?xml version="1.0"?>
	<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
	<cross-domain-policy>
		<allow-access-from domain="*" />
	</cross-domain-policy>

But it should contains this:

	<?xml version="1.0"?>
	<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
	<cross-domain-policy>
		<site-control permitted-cross-domain-policies="all"/>
		<allow-http-request-headers-from domain="*" headers="*" secure="true"/>
		<allow-access-from domain="*" secure="true" /> 
	 </cross-domain-policy>
	</pre>
  Once I updated the file everything works.