How can I fix a Flash security error #2048

Thomas picture Thomas · Jan 31, 2013 · Viewed 29.8k times · Source

I have having an error in flash #2048. Everything I can find points to the fact this this is a security precaution as the files are not on the same domain.

We have a site running on Rackspace cloud servers, and are just now trying to use cloud files a CDN to speed up a product rotation tool that we use on our site. You can view the current working tool, using the files located on our server as well as my demo where I switched links to reflect the cloud files instead of the local files. ( EDIT: I have removed links to demo site as they are no longer relevant. )

The solutions I have found are seemed to be adding a few lines of code according to this stackoverflow question.

From the Stackoverflow question above's answer I implemented the following code:

allowscriptaccess = "always"
allownetworking = "all"

As described in our template file. My concern is the first portion of the fix listed.

<site-control permitted-cross-domain-policies="all"/>

Which I believe goes in a crossdomain.xml file. I created this file and put it in the root folder and used code from this documentation page. I used the following code.

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="*" secure="false" />
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy> 

After all of this I still get the error # 2048. I would really appreciate any help you can provide, thanks!

Answer

Sunil D. picture Sunil D. · Jan 31, 2013

Thomas, on which server did you put the crossdomain.xml?

The crossdomain.xml file belongs on the server that is supplying the data. So if your Flash app is running on your servers, and it attempts to download data from some other domain ... that other domain needs to supply a crossdomain.xml file.

Based on your comment in the other StackOverflow question that you linked to, it sounds like you put the crossdomain.xml on your own server. By doing that, you're saying it's ok for Flash app's hosted on other websites to get data from your web site. Instead, you need to put a crossdomain.xml file on the CDN site that authorizes Flash apps in other domains (like your own) to access the data on the CDN.