tags:

views:

2186

answers:

2
Q: 

Flex Issue with crossdomain.xml and FileReference.upload

Greetings

I have a Flex application that does a variety of request to a web application located in a different domain. Thus I've made a custom crossdomain.xml to allow access from my Flex app. The content of this file is

> <!DOCTYPE cross-domain-policy SYSTEM
> "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"&gt;
> <cross-domain-policy>
>     <site-control permitted-cross-domain-policies="all"/>
>     <allow-access-from domain="*" secure="false" to-ports="*"/>
> </cross-domain-policy>

This crossdomain.xml is located in a subfolder in my webapp: http://host:port/services/crossdomain.xml The services (some are http services others web services) are located all inside the services subfolder.

I'm loading the crossdomain.xml using Security.loadPolicyFile and everythings works fine. Until i tried to make a file upload using the FileReference Object. Even when my HTTP Form is located under the services subfolder and that I am correctly loading the crossdomain.xml file (I can do either http requests and web services requests ) everytime i try to do a file upload i get the infamous Security Sandbox Violation.

I am missing something? Is there any special instruction to allow file uploads? According to the Adobe documentation (http://livedocs.adobe.com/flex/3/html/help.html?content=05B_Security_10.html) everything is well configured. Any ideas?

+1  A: 

File upload in Flash Player uses the Socket API instead of the browser networking API. So to do things this way you will need to have a socket policy file.

An easier alternative is to do the upload via a RemoteObject. To do this you will need to use the new FileReference APIs in Flash Player 10 so that you can read the bytes of the file client-side and then send them to the server inside a RemoteObject call.

James Ward  2009-03-26 22:06:04
A: 

Did you ever solve this problem?

I had a look at the 'socket policy file' docs suggested by James Ward but, as far as I can tell from reading through them, the format of a socket policy file is the same as a normal crossdomain file.

Furthermore, if you don't want to go to the effort of setting up a special server on port 843 to serve that file, the fallback is to do exactly what you did already which is to load the crossdomain.xml via Security.loadPolicyFile() in your movie code.

So it seems like a non-answer...

Anentropic  2009-12-10 13:03:25

related questions

Silverlight vs Flex
Executing JavaScript from Flex: Is this javascript function dangerous?
How To Get Label Of Combobox to Fade In Flex
How do I change the title bar icon in Adobe AIR?
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Flex: does painless programmatic data binding exist?
SoapException: Root element is missing occurs when .NET web service called from Flex
Any recommendations for in-depth Flex training?
How do I restyle an Adobe Flex Accordion to include a button in each canvas header?
Deleting / Replacing A Node in E4X (AS3 - Flex)
How can I "unaccept" a drag in Flex?
Printing Flex components in FireFox 3
Is it possible to add behavior to a non-dynamic ActionScript 3 class without inheriting the class?
How do I get rid of the "multiple describeType entries" warning?
Open local file with AIR / Flex
Flex / Air obfuscation
Adobe Flex component events
Can you access the windows registry from Adobe Air?
Actionscript 3 - Fastest way to parse yyyy-mm-dd hh:mm:ss to a Date object?
Adobe Air - Using multiple SQLite databases at once
How can I unit test Flex applications from within the IDE or a build script?
Best way to learn Flash?
Get the current logged in OS user in Adobe Air
Adobe air - SQLStatement.execute() - Multiple queries in one statement
Unloading a ByteArray in Actionscript 3.