Flex crossdomain.xml not working correctly in Chrome/Firefox ??

Question

Hi,

I've spent quite a bit of time on this so here's where I'm stuck.

I'm using the debug player 10.1 to get an XMLA request from:

http://localhost/dir/blah.swf

to:

http://localhost/olapbin/msblah.dll

This worked fine in the filesystem, but now its on an IIS7 web server.

After a lot of fiddling with the crossdomain.xml file I settled on:

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" to-ports="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

which is placed in:

http://localhost/crossdomain.xml

and read with:

Security.loadPolicyFile("http://localhost:80/crossdomain.xml");

I setup Policy file logging (which helped come up with the above file) and on IE8 its all working just fine. I get:

OK: Root-level SWF loaded: http://127.0.0.1/akts/ThinSlicerRunner.swf
OK: Policy file accepted: http://localhost/crossdomain.xml
OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at http://localhost/olapbin/msmdpump.dll by requestor from http://127.0.0.1/akts/ThinSlicerRunner.swf
OK: Searching for <allow-http-request-headers-from> in policy files to authorize header sending to URL http://localhost/olapbin/msmdpump.dll by requestor from http://127.0.0.1/akts/ThinSlicerRunner.swf
OK: Request for resource at http://localhost/olapbin/msmdpump.dll by requestor from http://127.0.0.1/akts/ThinSlicerRunner.swf is permitted due to policy file at http://localhost/crossdomain.xml

On Chrome and Firefox I just get:

OK: Root-level SWF loaded: http://localhost/akts/ThinSlicerRunner.swf
OK: Policy file accepted: http://localhost/crossdomain.xml

and nothing else... no attempts to authorize the httpservice requests.

In the main flex error log I get:

*** Security Sandbox Violation ***
Connection to  
http://localhost/olapbin/msmdpump.dll
  halted - not permitted from http://localhost/akts/ThinSlicerRunner.swf

Which doesn't appear when I run the same thing from IE8. Any idea what's going on ??

AS REQUESTED... MORE CODE

Main sending request:

var connection:TsConnection = this.__connection; 
var token:AsyncToken = new AsyncToken(null);
connection.service.request = this.__curSoapRequest;  
var actualToken:AsyncToken = connection.service.send();
__tokenArr.push(actualToken);
var responder:AsyncResponder = new AsyncResponder(resultHandler, faultHandler, actualToken);
__responderArr.push(responder);
actualToken.addResponder(responder);

Connection object highlights:

   public function init():void {

        //Initialize the service object needed to query the server

    this.__service = new HTTPService;
    this.__service.method = "POST";
    this.__service.contentType = "application/xml";
    this.__service.resultFormat = "e4x";
    this.__service.headers = getHeaders();
    this.__service.url = this.__model.xmlaUrl;
    this.__initialized = true;
}

public function get service():HTTPService {
    return this.__service;
}

private function getHeaders():Object {
    var o:Object = {};
    o["SOAPAction"] = '"urn:schemas-microsoft-com:xml-analysis:Discover"';
    o["Content-Type"] = "text/xml";
    return o;
}   

Thanks for your help ... hope this helps others when fixed. ;-)

Shaun http://www.vidgridz.com/

Answer 1

If your DLL backend service and SWF are served from the same domain, it should be allowed. Nothing in the crossdomain.xml file should apply. You should not have to load the crossdomain file manually either. It sounds like that is what you're trying to do.

I suspect something else is going on with your code.

Answer 2

Thanks for everyone's answers. It was indeed able to be solved in the code even if it wasn't exactly a true coding problem.

Here is the xml data file I was reading the configuration details from:

<tsConnection>
<dataSource>megan</dataSource>
<database>Adventure Works DW 2008</database>                
<cube>Adventure Works</cube>
<xmlaUrl><![CDATA[ 
http://localhost/olapbin/msmdpump.dll
 ]]></xmlaUrl>
</tsConnection>

Now on the "localTrusted" or "localWithNetworking" setup, this was working just fine. It also works on the IE8 Flash player even in "remote".

However, what was happening was that the xmlaUrl was being read as:

\n\rhttp://localhost/olapbin/msmdpump.dll

(with the newline and carriage return at the start) This is was what was confusing the domain checking and throwing a Sandbox Violation when run in the "remote" security sandbox.

Of course, my xml should have been better, and maybe put in some ignore white space processing in the code, but still its quite some bizarre, inconsistent behavior from the Flash player code in Netscape compatible browsers (10.1.x).

So the final, working solution looks like this:

<tsConnection>
<dataSource>megan</dataSource>
<database>Adventure Works DW 2008</database>                
<cube>Adventure Works</cube>
<xmlaUrl><![CDATA[http://localhost/olapbin/msmdpump.dll]]&gt;&lt;/xmlaUrl&gt;
</tsConnection>

I did become a crossdomain.xml expert in the process though. ;-) Although, now I don't need the file at all.

Bear it in mind if you see some crazy unexplained Sandbox Violations, check for white space in your service url.