These may help: http://stackoverflow.com/questions/960313/removing-flash-meta-policy-communication-warning http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_05.html#_Configuring_URL_Meta-Policies
--- In [email protected], "Laurence" <lmacne...@...> wrote: > > Ok - I've already posted a reply to this once, but that was an hour ago and > it still hasn't showed up in the messages list. So my apologies in advance > if this winds up being a double-post. > > Anyway -- I followed the intstructions for importing my cert into IE. I can > now browse to https://{myDomain} with no cert-errors. But Flex still isn't > dealing with it correctly. (Obviously, I've replaced my real domain with > {myDomain} in this example.) > > I get the following error: > Warning: Domain {myDomain} does not specify a meta-policy. Applying default > meta-policy 'master-only'. This configuration is deprecated. See > http://www.adobe.com/go/strict_policy_files to fix this problem. > > Error: Request for resource at https://{myDomain}/flex2gateway/cfamfsecure by > requestor from http://{myDomain}/QMS/QMS.swf is denied due to lack of policy > file permissions. > > *** Security Sandbox Violation *** > Connection to https://{myDomain}/flex2gateway/cfamfsecure halted - not > permitted from http://{myDomain}/QMS/QMS.swf > > > So I'm no longer getting the "error loading crossdomain.xml" problem that I > had before... But now this new error about a meta-policy? I went to the > web-site it told me to go to, but I didn't understand a damn thing. Is my > lack of a meta-policy the problem here? > > So someone please give me a clearer understanding of what a meta-policy is, > and how to create one? (If that is, indeed, my problem... It's still > telling me there's a "lack of policy file permissions" which is completely > wrong -- {myDomain} is in there...) > > Thanks for the help. I truly despise security issues... Ugh... > L. > > > --- In [email protected], "valdhor" <valdhorlists@> wrote: > > > > This may help out: > > > > http://stackoverflow.com/questions/195275/connect-to-self-signed-https-web-services-from-flex > > > > --- In [email protected], "Laurence" <LMacNeill@> wrote: > > > > > > Ok. I finally figured out how to create my own security certificate on > > > my Windows 2003 server, using Certificate Services. I can access my > > > server using https:// right now -- the browser gives me an error because > > > it's not a trusted cert, of course, but https:// does work if I ignore > > > the "not trusted" message... > > > > > > So, I'm trying to secure a ColdFusion 8 data-channel on my intranet. > > > I've edited the services-config.xml file to give me a cf-amf-secure > > > channel, and I'm directing one of my remote objects to my new > > > "SecureColdFusion" destination... > > > > > > Obviously the CF part appears to be working -- because it IS attempting > > > to access https://localhost/flex2gateway/cfamfsecure. But every time it > > > does, I get a cross-domain policy error. If I run the program in Debug > > > mode, I actually get a "failed to load https://localhost/crossdomain.xml"; > > > error message immediately before I get the general "security sandbox" > > > error. > > > > > > What I think is happening is that Flex is trying to load the > > > crossdomain.xml file through https:// not http:// and the untrusted > > > security certificate is preventing the crossdomain.xml file from being > > > loaded. I did add a > > > 'Security.loadPolicyFile("http://localhost/crossdomain.xml";);' command to > > > my program, and that didn't change anything. It still gives me the > > > "failed to load" error. Did I mention I hate security issues? > > > > > > Anyway -- I think the trick is to somehow make Flex trust my self-created > > > cert. If I can do that, then it should be able to load crossdomain.xml > > > from the https. Can anyone help me get Flex to trust my self-created > > > certificate? > > > > > > Thanks, > > > Laurence MacNeill > > > Mableton, Georgia, USA > > > > > >
