I realize it's worth mentioning these two servers are using self-signed certs (at the moment). So the first time you launch the apps in Firefox you can "add an exception" basically telling Firefox that you trust these self-signed certs. After that Firefox won't bother the user.
However, IE doesn't seem to handle/act that way. --- In [email protected], "cwicky99" <codecr...@...> wrote: > > I have a Flex app that runs on foo.acme.com which tries to access content on > bar.acme.com over secure communications (i.e SSL). > > Both servers use tomcat and on bar.acme.com I have a crossdomain.xml file > setup in /tomcat_home/webapps/ROOT. > > When I launch the app on foo (i.e. https://foo.acme.com) it attempts to make > a RESTful request to https://bar.acme.com/content/person (as an example). In > Firefox this works just fine. However, in Internet Exploer (I am using IE7 > in this case) it fails giving me the message: > > "Error #2048: Security sandbox violation: https://foo.acme.com/myApp.swf > cannot load data from https://bar.acme.com/content/person"; > > However, there is a workaround (not good enough for production use though): > 1. Open IE7 > 2. Open a tab to https://bar.acme.com (basically launch the app over there) > 3. Open a tab to https://foo.acme.com (this is the app that requests data > from the 'bar' server). > 4. Ta-Da it works > > So if I first load up the app on the other server (i.e. 'bar.acme.com') > things work just fine. Anyone have any idea what I can do about this?? I'm > not sure about IE6 (still need to test again)...at this point I believe if a > user opens IE6 and visits 'bar.acme.com', then goes to 'foo.acme.com' it > works (have to validate this though). > > Just in case, here is the crossdomain.xml: > > <?xml version="1.0"?> > <cross-domain-policy> > <site-control permitted-cross-domain-policies="all"/> > <allow-access-from domain="*" secure="true" to-ports="443"/> > </cross-domain-policy> >
