author: Krasimir Tsonev

Hi there, I'm . Senior front-end engineer with over 13 years of experience. I write, speak and occasionally code stuff.

Security sandbox violation error even with crossdomain.xml

Again, a very nice surprise by Adobe. I have a flex application which makes cross-domain requests to another server holding REST API. There is a crossdomain.xml file, but the request still doesn't work.
I got
#2170: Security sandbox violation: http://mysite.com/project.swf cannot send HTTP headers to http://remoteserver.com/api/method/.
The policy file looks like that:
	<?xml version="1.0"?>
	<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
	<cross-domain-policy>
		<allow-access-from domain="*" />
	</cross-domain-policy>
	
But it should contains this:
	<?xml version="1.0"?>
	<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
	<cross-domain-policy>
		<site-control permitted-cross-domain-policies="all"/>
		<allow-http-request-headers-from domain="*" headers="*" secure="true"/>
		<allow-access-from domain="*" secure="true" /> 
	 </cross-domain-policy>
	</pre>
  Once I updated the file everything works.
If you enjoy this post, share it on Twitter, Facebook or LinkedIn. Or maybe comment below: