I have a Flex app that runs on foo.acme.com which tries to access content on bar.acme.com over secure communications (i.e SSL).
Both servers use tomcat and on bar.acme.com I have a crossdomain.xml file setup in /tomcat_home/webapps/ROOT. When I launch the app on foo (i.e. https://foo.acme.com) it attempts to make a RESTful request to https://bar.acme.com/content/person (as an example). In Firefox this works just fine. However, in Internet Exploer (I am using IE7 in this case) it fails giving me the message: "Error #2048: Security sandbox violation: https://foo.acme.com/myApp.swf cannot load data from https://bar.acme.com/content/person" However, there is a workaround (not good enough for production use though): 1. Open IE7 2. Open a tab to https://bar.acme.com (basically launch the app over there) 3. Open a tab to https://foo.acme.com (this is the app that requests data from the 'bar' server). 4. Ta-Da it works So if I first load up the app on the other server (i.e. 'bar.acme.com') things work just fine. Anyone have any idea what I can do about this?? I'm not sure about IE6 (still need to test again)...at this point I believe if a user opens IE6 and visits 'bar.acme.com', then goes to 'foo.acme.com' it works (have to validate this though). Just in case, here is the crossdomain.xml: <?xml version="1.0"?> <cross-domain-policy> <site-control permitted-cross-domain-policies="all"/> <allow-access-from domain="*" secure="true" to-ports="443"/> </cross-domain-policy>