Same domain but security error

Question

Hi community,

I am hosting a java service and a flex application on the same server. The flex application accesses the java service. As the flex application loads I get a security error, how can this happen? I thought I do not need a crossdomain.xml when hosting on the same server.

My flex app gets the data via a http service that sends calls to 1.2.3.4:9000/service, the flex application itself lies on 5.6.7.8/test.swf, my crossdomain.xml looks like the following

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"&gt;
<cross-domain-policy>
  <allow-access-from domain="5.6.7.8" to-ports="*"  />
</cross-domain-policy>

It is accessible from 1.2.3.4:9000/crossdomain.xml. Note that everything works when I use domain="*" instead of domain="1.2.3.4"

I hope someone can help me

Sebastian

Answer 1

Are you using Sockets?

In that case you need to serve Policy Files either with your existing Java Server or a standalone one.

http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html

Answer 2

Does 1.2.3.4 represent an IP address? If so I believe you have to use a domain name here not an ip address, otherwise you could have several domains on the same server and bypass the same domain checks.

Answer 3

If your Flex app is on the server with ip 5.6.7.8 you need to allow that ip in the crossdomain for the 1.2.3.4 server. This let's the Flash running from 5.6.7.8 know that 1.2.3.4 allows connections from that specific adress.

If you still have the same problem a quick way to find out what's going on is to use a debug proxy (i like Charles). That way you'll see flash' request for the crossdomain.xml and what the response looks like, most likely the request is going somewhere you didn't expect or the server messes it up somehow.