Adobe's documentation on this is not crystal clear (to me anyway). Hoping that someone who's been down this road can point me in the right direction.
My app is hosted on a shared host (webFaction). The swfs are loaded over http. The users credit card data is transmitted over https. All works fine in the flash IDE. However, with the app running in a browser I get: 2048: Security sandbox violation: http://example.com/media/swf/game.swf cannot load data from https://example.com/secure/game/direct_payment. WebFaction serves a global crossdomain.xml file for all it's customers. I don't have a way to change the policy file at server root. Here's their file: <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE cross-domain-policy SYSTEM 'http://www.adobe.com/xml/dtds/cross-domain-policy.dtd'> <cross-domain-policy> <allow-access-from domain="*"/> </cross-domain-policy> Questions: 1. Given the server configuration, how can I get around the security sandbox error when I make a https call? 2. How bad (or not) is the resulting security created by the <allow-access-from domain="*"/> Thanks very much _______________________________________________ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders