as3 sandbox security violation with http://schemas.xmlsoap.org/soap/encoding/

Question

Hi guys !

I implemented a gSoap c++ webservice-server to be accessed by Flash (as3) Everything runs smooth as long as i test the .swf locally, the .wsdl is loaded fine, and the communication works, even with the server running on an external ip already.

But the moment i put that .swf online - its coming up with sandbox security violations crying about the standard - schemas like that:

Error: [strict] Ignoring policy file at http://schemas.xmlsoap.org/crossdomain.xml 
due to incorrect syntax.  See http://www.adobe.com/go/strict_policy_files to fix this 
problem.

*** Security Sandbox Violation ***
Connection to http://schemas.xmlsoap.org/soap/encoding/ halted - not permitted from 
http://mydomain.com/main.swf
Error: Request for resource at http://schemas.xmlsoap.org/soap/encoding/ by requestor  
from http://mydomain.com/main.swf is denied due to lack of policy file 
permissions.

Can somebody help me with that problem ?

Or is there maybe a good way to define one simple webservice-method (like stringResult = command (stringSessionId, stringCommand, stringParams, stringResult)) without loading the .wsdl - file ? If i had that possibility i wouldnt have to stumble about that sandbox - stuff.

Any help appreciated.

Answer 1

Crossdomain policy file is absent. It should be at this location. You are able to load 'wsdl' from your local machine, because your sandbox is local trusted (i.e. most convenient sandbox). So currently I can't see any way to accomplish this in flash unless there is crossdomain policy file at the desired location.
But you can try Server Side Proxy Method for loading the wsdl.

Answer 2

Flash doesn't allow loading content from domains other than the one where your SWF is hosted unless those domains allow you to do it. Remote domains can choose to allow SWFs in your domain to load content from them using a crossdomain.xml policy file hosted at their web root.

Here are some sample policy files : YouTube, Twitter. Check the Adobe link on policy files to know more.

The error message "ignoring due to incorrect syntax" indicates that the policy file is present there but not well formed or has some syntax errors. But I cannot find anything at http://schemas.xmlsoap.org/crossdomain.xml.

Where is your web service hosted? What are you trying to load from http://schemas.xmlsoap.org/soap/encoding/?

Answer 3

Thanks for the comments. The real problem here is, that the gSoap - generated wsdl - file tries to "access" these domains all over the place, so that crossdomain - stuff is out of my hands. Anyway i solved the issue now by writing the wsdl by hand without all that wsdl gsoap mega bloating, so its just accessing the w3c.* domains and they ARE obviously crossdomained right.