FYI, opening up the cross domain policy to all sites is doubleplusungood. (Sorry for the 1984 reference!) Lock it down to the specific sites which need cross domain access, no more.
-dhs -- Dean H. Saxe "A true conservationist is a person who knows that the world is not given by his fathers, but borrowed from his children." -- John James Audubon On Thu, Mar 25, 2010 at 7:39 AM, Robert Lash <[email protected]> wrote: > Have you tested this with one domain or a static domain address? > You might want to try that first to isolate the issues. > > I actually never got a crossdomain policy to work with the "*" all settings > but was successful with static domain names. > Robert Lash > > > On Wed, Mar 24, 2010 at 4:05 PM, Dawn Hoagland <[email protected]> > wrote: >> >> Background: >> We are running ColdFusion8 in a multi-server configuration under IIS. We >> have an application where we are attempting to allow our customer access >> through a proxy server. The domain of our internal server (for discussion >> sake) is dev.company1.org. The domain they are coming from is >> test.company2.com. >> >> We receive the following error: >> Channel.Security.Error error Error #2048: Security sandbox violation: >> https://test.company2.com/system/app/bin/index.swf cannot load data from >> https://dev.company1.org/flex2gateway/. url: >> 'https://dev.company1.org/flex2gateway/' >> >> All of my searches point to needing to add a crossdomain.xml policy file. >> I've created one (see below) that should allow any connection and placed it >> at the web root. >> >> Am I missing something completely? >> >> ----- begin crossdomain.xml ----- >> <?xml version="1.0" encoding="UTF-8"?> >> <!DOCTYPE cross-domain-policy SYSTEM >> "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd";> >> <cross-domain-policy> >> <allow-access-from domain="*" secure="false" /> >> <allow-http-request-headers-from domain="*" headers="*" secure="false" >> /> >> </cross-domain-policy> >> ---- end crossdomain.xml --- >> >> Thanks! >> >> Dawn > > ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
