Geez, I'd have to go through the whitepaper again, but if you're running on a local box via the file system instead of HTTP you are not in a REMOTE sandbox and the rules are different. If you set up a local server and fetch the app via http, you should see it fail to make the calls. -Alex
________________________________ From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Vargo Sent: Friday, May 11, 2007 2:16 PM To: [email protected] Subject: [flexcoders] I dont need a crossdomain.xml? I've written a few sample apps. One that uses WebService and one that uses HTTPService. - My app is running on my local box. - The WebService makes a request to say www.somewhere.com. - The HTTPServicemakes a request to say www.anotherdomain.com. Both requests work without a crossdomain.xml file on www.somewhere.com or www.anotherdomain.com. Am I not understanding correctly how the security model works? My understanding is that these 2 calls should not work. - Mike
