It sounds like Adobe have changed their policy to eliminate this insecure 
configuration altogether.  So it seems you will have to debug using HTTPS for 
application and data.

On 2010-05-18, at 08:44, jvvn murty wrote:

> Thanks ptw
> 
>     Still, I am going to extend this discussion. By default in the
> crossdomain.xml file the secure="false" is there. But I am not able to get
> it solved. Is there any way to do that?
> 
> I have gone through some information that
>   "Flash SWF files served over HTTP (or other insecure protocols) are no
> longer allowed to access movies or data served over HTTPS."
> 
> 
> On Tue, May 18, 2010 at 6:05 PM, P T Withington <[email protected]> wrote:
> 
>> The adobe paper I referenced should explain all.  I believe you have to
>> specify secure='false':
>> 
>> *1.5.5 HTTP-HTTPS communications*
>> Example 1.6 demonstrates the most permissive use of allow-access-from
>> granting any other domain access to the files on this target domain, even
>> if an HTTP source is accessing data on this domain through HTTPS. It should
>> be obvious that this practice is not recommended.
>> *Example 1.6: allow-access-from: Most permissive access*
>> <?xml version="1.0"?>
>> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
>> <cross-domain-policy>
>>   <allow-access-from domain="*" secure="false"/>
>> </cross-domain-policy>
>> 
>> 
>> On 2010-05-18, at 08:27, jvvn murty wrote:
>> 
>> Thanks ptw,
>> 
>>     We are going to both in https. Presently it's in dev phase. Once
>> everything is fine then we will put in prod with https only.
>>    For now we have to test it in dev and local with app in http.
>>    Can you please tell me what changes we have to do in crossdomain.xml to
>> come out of this issue?
>> 
>> On Tue, May 18, 2010 at 5:53 PM, P T Withington <[email protected]> wrote:
>> 
>> Running the app in http and service in https is insecure.  You can permit
>> it with crossdomain.xml, but you will have no security, since http app can
>> send https data to some other (unknown) server.  This is why most browsers
>> issue a warning if you try to do this in HTML and why Flash does not permit
>> it by default.  If your app is manipulating secure data, it is best if the
>> app and the data are from the same https server.
>> 
>> On 2010-05-18, at 08:10, jvvn murty wrote:
>> 
>> Hi ptw,
>> 
>>   My application is running with http and the services api is running in
>> https.
>>   Is it possible to work like this? Or I have to change my application
>> server to https?
>> 
>>    Is there any solution for the application in http and services in https?
>> 
>> On Tue, May 18, 2010 at 4:44 PM, P T Withington <[email protected]> wrote:
>> 
>> Are you fetching the app from the https server?  It is not recommended that
>> you permit a http app to access https data, although it can be done.  To do
>> so makes the use of https pointless.  More information here:
>> 
>> http://learn.adobe.com/wiki/download/attachments/64389123/CrossDomain_PolicyFile_Specification.pdf?version=1
>> 
>> On 2010-05-18, at 06:51, jvvn murty wrote:
>> 
>> Hi,
>> 
>> I tried to work with https service API's in dataset but I am not able to
>> hit the dataset and it's giving crossdomain.xml problem.
>> 
>> Is there any way to call the services with https?
>> 
>> Just this is my example:
>> 
>> <canvas proxied="false">
>>     <script>
>>         var srcs="https:// test url";
>>     </script>
>>     <dataset name="myDs" type="http" request="true" src="${srcs}">
>>         <handler name="ondata">
>>             Debug.write("test"+this.serialize())
>>         </handler>
>>     </dataset>
>> </canvas>
>> 
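
The thread above turns on two crossdomain.xml attributes: domain="*" and secure="false". The following is an added example, not part of the original messages or of any Adobe or OpenLaszlo code: a small Python check that flags allow-access-from rules granting wildcard access or letting HTTP-served content read HTTPS data. The function name, finding labels, and the host app.example.com are assumptions made for illustration; the sample policies are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the "most permissive" policy quoted in the thread (Example 1.6).
PERMISSIVE = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>"""

# Constructed sample: a single named origin, HTTPS only (placeholder host name).
RESTRICTED = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="app.example.com" secure="true"/>
</cross-domain-policy>"""


def audit_policy(xml_text):
    """Return (domain, finding) tuples for risky allow-access-from rules.

    Hypothetical helper for reviewing policy files you control; the stdlib
    parser does not fetch the external DTD named in the DOCTYPE.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain policy file")
    findings = []
    for rule in root.iter("allow-access-from"):
        domain = rule.get("domain", "").strip()
        # In an HTTPS policy file, an omitted secure attribute means "true".
        secure = rule.get("secure", "true").strip().lower()
        if domain == "*":
            findings.append((domain, "wildcard-domain"))
        elif domain.startswith("*."):
            findings.append((domain, "wildcard-subdomain"))
        if secure == "false":
            # HTTP-served SWFs from this origin may read data served over HTTPS.
            findings.append((domain, "http-to-https-allowed"))
    return findings


if __name__ == "__main__":
    for name, text in (("permissive", PERMISSIVE), ("restricted", RESTRICTED)):
        for domain, finding in audit_policy(text):
            print(f"{name}: domain={domain!r} {finding}")
```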

