anyone...??
--- In [email protected], "cwicky99" <codecr...@...> wrote:
>
> I realize it's worth mentioning these two servers are using self-signed certs
> (at the moment). So the first time you launch the apps in Firefox you can
> "add an exception" basically telling Firefox that you trust these self-signed
> certs. After that Firefox won't bother the user.
>
> However, IE doesn't seem to handle/act that way.
>
> --- In [email protected], "cwicky99" <codecraig@> wrote:
> >
> > I have a Flex app that runs on foo.acme.com which tries to access content
> > on bar.acme.com over secure communications (i.e SSL).
> >
> > Both servers use tomcat and on bar.acme.com I have a crossdomain.xml file
> > setup in /tomcat_home/webapps/ROOT.
> >
> > When I launch the app on foo (i.e. https://foo.acme.com) it attempts to
> > make a RESTful request to https://bar.acme.com/content/person (as an
> > example). In Firefox this works just fine. However, in Internet Exploer
> > (I am using IE7 in this case) it fails giving me the message:
> >
> > "Error #2048: Security sandbox violation: https://foo.acme.com/myApp.swf
> > cannot load data from https://bar.acme.com/content/person";
> >
> > However, there is a workaround (not good enough for production use though):
> > 1. Open IE7
> > 2. Open a tab to https://bar.acme.com (basically launch the app over there)
> > 3. Open a tab to https://foo.acme.com (this is the app that requests data
> > from the 'bar' server).
> > 4. Ta-Da it works
> >
> > So if I first load up the app on the other server (i.e. 'bar.acme.com')
> > things work just fine. Anyone have any idea what I can do about this??
> > I'm not sure about IE6 (still need to test again)...at this point I believe
> > if a user opens IE6 and visits 'bar.acme.com', then goes to 'foo.acme.com'
> > it works (have to validate this though).
> >
> > Just in case, here is the crossdomain.xml:
> >
> > <?xml version="1.0"?>
> > <cross-domain-policy>
> > <site-control permitted-cross-domain-policies="all"/>
> > <allow-access-from domain="*" secure="true" to-ports="443"/>
> > </cross-domain-policy>
> >
>
