i Know Kung Foo Consulting

"Security error accessing url" problem with Flex SWF

I figured out why the Flex example from my last post was loading sporadically. It had to do with the domain you were on when you clicked the link to it.

The problem

When I created the MXML file, I used a URL with the subdomain "www" in the HTTPService definition.

<mx:HTTPService id="feedRequest" url="http://www.iknowkungfoo.com/blog/rss.cfm?mode=full" useProxy="false" showBusyCursor="true" />

When I created the link to the SWF file in my last post, I used a relative path to the file.

<a class="outbound" target="_blank" href="/examples/flex/blog_reader/BlogReader.swf">

So if you visited my site via the root domain, the link would be

BlogCFC is setup to use the subdomain "www" as part of all the link it creates. Because of that, you could get the link as

The SWF treats iknowkungfoo.com and www.iknowkungfoo.com as two separate domains and that is a security issue.

This is the actual error message that popped up:

[RPC Fault faultString="Security error accessing url" faultCode="Channel.Security.Error" faultDetail="Destination: DefaultHTTP"]
   at mx.rpc::AbstractInvoker/http://www.adobe.com/2006/flex/mx/internal::faultHandler()
   at mx.rpc::Responder/fault()
   at mx.rpc::AsyncRequest/fault()
   at ::DirectHTTPMessageResponder/securityErrorHandler()
   at flash.events::EventDispatcher/flash.events:EventDispatcher::dispatchEventFunction()
   at flash.events::EventDispatcher/dispatchEvent()
   at flash.net::URLLoader/flash.net:URLLoader::redirectEvent()

Remote Data Security

From the Flex livedocs:

For security reasons, applications running in Flash Player on a client computer can only access remote data sources if one of the following conditions is met:

  • Your application's compiled SWF file is in the same domain as the remote data source.
  • You use a proxy and your SWF file is on the same server as the proxy.
  • A crossdomain.xml (cross-domain policy) file is installed on the web server hosting the data source.

Oops.

The solution

Rather than mess around with a crossdomain.xml file right now, I opted to update the link to use the subdomain to satisfy the 1st requirement listed.

So now, if you have Flash Player 9, you can see the BlogReader.swf example here. :)

Related Blog Entries


Comments (Comment Moderation is enabled. Your comment will not appear until approved.)