Does anyone know if the crossdomain policy file at salesforce.com has changed?

Question

Suddenly my Flex Apps can no longer connect to salesforce.com via its API, I am getting a security sandbox violation. Login credentials are correct, I have tried them via a different means, and I have obfuscated them below.

This was working fine earlier today and I have not been coding since then.

Anyone else come across this or know what's going on?

Here is the exception returned to my app

Method name is: login
'A997F86A-36E9-DDDC-EC6B-BBEE23101466' producer connected.
'A997F86A-36E9-DDDC-EC6B-BBEE23101466' producer sending message 'B89E5879-D7F7-E91E-2082-BBEE231054DD'
'direct_http_channel' channel sending message:
(mx.messaging.messages::HTTPRequestMessage)#0
  body = "<se:Envelope xmlns:se="http://schemas.xmlsoap.org/soap/envelope/"&gt;&lt;se:Header xmlns:sfns="urn:partner.soap.sforce.com"/><se:Body><login xmlns="urn:partner.soap.sforce.com" xmlns:ns1="sobject.partner.soap.sforce.com"><username>simon.palmer@***.com</username><password>***</password></login></se:Body></se:Envelope>"
  clientId = (null)
  contentType = "text/xml; charset=UTF-8"
  destination = "DefaultHTTPS"
  headers = (Object)#1
  httpHeaders = (Object)#2
    Accept = "text/xml"
    SOAPAction = """"
    X-Salesforce-No-500-SC = "true"
  messageId = "B89E5879-D7F7-E91E-2082-BBEE231054DD"
  method = "POST"
  recordHeaders = false
  timestamp = 0
  timeToLive = 0
  url = "https://www.salesforce.com/services/Soap/u/11.0"
Method name is: login
*** Security Sandbox Violation ***
Connection to https://www.salesforce.com/services/Soap/u/11.0 halted - not permitted from https://localhost/pm_server/pm/pm-debug.swf
'A997F86A-36E9-DDDC-EC6B-BBEE23101466' producer acknowledge of 'B89E5879-D7F7-E91E-2082-BBEE231054DD'.
'A997F86A-36E9-DDDC-EC6B-BBEE23101466' producer fault for 'B89E5879-D7F7-E91E-2082-BBEE231054DD'.
Comunication Error : Channel.Security.Error : Security error accessing url : Destination: DefaultHTTPS
Error: Request for resource at https://www.salesforce.com/services/Soap/u/11.0 by requestor from https://localhost/pm_server/pm/pm-debug.swf is denied due to lack of policy file permissions.

Answer 1

Did you recently upgrade to flash player 10? Flash player 10 changes the way policy files work to some degree, and the crossdomain.xml file needs to be updated to address this. In short, Salesforce.com probably isn't prepared for users upgrading to Flash Player 10 yet.

Answer 2

You have to make sure to load the policy from the /services tree, the default policy at the root won't help you. You need to load this policy https://www.salesforce.com/services/crossdomain.xml

Answer 3

The solution to this problem was to set the server protocol and url as follows:

apex = new Connection();    
apex.serverUrl = "https://na3.salesforce.com/services/Soap/u/14.0";
apex.protocol = "https";

However, this seems to create a secondary issue of users being locked out, so the issue of non-connectivity remains.

Update: salesforce.com have acknowledged a bug. See my other related post.

Answer 4

I resolve this issue accessing to the Flash Player Configuration Panel(I just recommend it in a development environment), in the "Global Security" tab, select Always Allow.

Regards.

Answer 5

I found the solution to this problem

go here, http://community.salesforce.com/sforce/board/message?board.id=general%5Fdevelopment&message.id=35491#M35491

Answer 6

I've tried all of the solutions mentioned above. And still unable to get my SWF file working on a Salesforce Sites page.

Please see my community post, and let me know:

http://community.salesforce.com/sforce/board/message?board.id=general_development&message.id=37035