views:

1684

answers:

7

Suddenly my Flex Apps can no longer connect to salesforce.com via its API, I am getting a security sandbox violation. Login credentials are correct, I have tried them via a different means, and I have obfuscated them below.

This was working fine earlier today and I have not been coding since then.

Anyone else come across this or know what's going on?

Here is the exception returned to my app

Method name is: login
'A997F86A-36E9-DDDC-EC6B-BBEE23101466' producer connected.
'A997F86A-36E9-DDDC-EC6B-BBEE23101466' producer sending message 'B89E5879-D7F7-E91E-2082-BBEE231054DD'
'direct_http_channel' channel sending message:
(mx.messaging.messages::HTTPRequestMessage)#0
  body = "<se:Envelope xmlns:se="http://schemas.xmlsoap.org/soap/envelope/"&gt;&lt;se:Header xmlns:sfns="urn:partner.soap.sforce.com"/><se:Body><login xmlns="urn:partner.soap.sforce.com" xmlns:ns1="sobject.partner.soap.sforce.com"><username>simon.palmer@***.com</username><password>***</password></login></se:Body></se:Envelope>"
  clientId = (null)
  contentType = "text/xml; charset=UTF-8"
  destination = "DefaultHTTPS"
  headers = (Object)#1
  httpHeaders = (Object)#2
    Accept = "text/xml"
    SOAPAction = """"
    X-Salesforce-No-500-SC = "true"
  messageId = "B89E5879-D7F7-E91E-2082-BBEE231054DD"
  method = "POST"
  recordHeaders = false
  timestamp = 0
  timeToLive = 0
  url = "https://www.salesforce.com/services/Soap/u/11.0"
Method name is: login
*** Security Sandbox Violation ***
Connection to https://www.salesforce.com/services/Soap/u/11.0 halted - not permitted from https://localhost/pm_server/pm/pm-debug.swf
'A997F86A-36E9-DDDC-EC6B-BBEE23101466' producer acknowledge of 'B89E5879-D7F7-E91E-2082-BBEE231054DD'.
'A997F86A-36E9-DDDC-EC6B-BBEE23101466' producer fault for 'B89E5879-D7F7-E91E-2082-BBEE231054DD'.
Comunication Error : Channel.Security.Error : Security error accessing url : Destination: DefaultHTTPS
Error: Request for resource at https://www.salesforce.com/services/Soap/u/11.0 by requestor from https://localhost/pm_server/pm/pm-debug.swf is denied due to lack of policy file permissions.
A: 

Did you recently upgrade to flash player 10? Flash player 10 changes the way policy files work to some degree, and the crossdomain.xml file needs to be updated to address this. In short, Salesforce.com probably isn't prepared for users upgrading to Flash Player 10 yet.

Chris
+1  A: 

You have to make sure to load the policy from the /services tree, the default policy at the root won't help you. You need to load this policy https://www.salesforce.com/services/crossdomain.xml

superfell
salesforece.com have acknowledged a bug with the redirect through www. the crossdomain you refer to has recently changed to allow crossdomain policy files at a lower level. I think this change is in some way related to the bug in question.
Simon
actually, I am the Web Services architect at salesforce.com. there's no issues with the redirect code on www.
superfell
+1  A: 

The solution to this problem was to set the server protocol and url as follows:

apex = new Connection();    
apex.serverUrl = "https://na3.salesforce.com/services/Soap/u/14.0";
apex.protocol = "https";

However, this seems to create a secondary issue of users being locked out, so the issue of non-connectivity remains.

Update: salesforce.com have acknowledged a bug. See my other related post.

Simon
API Login calls have to goto www.salesforce.com, that's why you're getting the invalid user response when you send it to na3. see my early answer about loading the right policy file for www
superfell
A: 
A: 

I resolve this issue accessing to the Flash Player Configuration Panel(I just recommend it in a development environment), in the "Global Security" tab, select Always Allow.

Regards.

A: 

I've tried all of the solutions mentioned above. And still unable to get my SWF file working on a Salesforce Sites page.

Please see my community post, and let me know:

http://community.salesforce.com/sforce/board/message?board.id=general_development&amp;message.id=37035

Suri