How can I fix a Flash security error #2048

flash security crossdomain.xml
Thomas picture Thomas · Jan 31, 2013 · Viewed 29.8k times · Source

I have having an error in flash #2048. Everything I can find points to the fact this this is a security precaution as the files are not on the same domain.

We have a site running on Rackspace cloud servers, and are just now trying to use cloud files a CDN to speed up a product rotation tool that we use on our site. You can view the current working tool, using the files located on our server as well as my demo where I switched links to reflect the cloud files instead of the local files. ( EDIT: I have removed links to demo site as they are no longer relevant. )

The solutions I have found are seemed to be adding a few lines of code according to this stackoverflow question.

From the Stackoverflow question above's answer I implemented the following code:

allowscriptaccess = "always"
allownetworking = "all"

As described in our template file. My concern is the first portion of the fix listed.

<site-control permitted-cross-domain-policies="all"/>

Which I believe goes in a crossdomain.xml file. I created this file and put it in the root folder and used code from this documentation page. I used the following code.

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="*" secure="false" />
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

After all of this I still get the error # 2048. I would really appreciate any help you can provide, thanks!

Answer

Sunil D. picture Sunil D. · Jan 31, 2013

Thomas, on which server did you put the crossdomain.xml?

The crossdomain.xml file belongs on the server that is supplying the data. So if your Flash app is running on your servers, and it attempts to download data from some other domain ... that other domain needs to supply a crossdomain.xml file.

Based on your comment in the other StackOverflow question that you linked to, it sounds like you put the crossdomain.xml on your own server. By doing that, you're saying it's ok for Flash app's hosted on other websites to get data from your web site. Instead, you need to put a crossdomain.xml file on the CDN site that authorizes Flash apps in other domains (like your own) to access the data on the CDN.

Related questions

Flash Security.AllowDomain()

I've got a Flash movie, loading data from an external URL. In fact, it's a RSS reader inside a banner. Everything works perfectly when the Flash movie and data URL are on the same domain. However, if the Flash movie …

Read More
How to save this rtmp flash video stream?

My sister wanted me to save http://esewingworkshop.com/video-lesson/overview-zipper-types flash video & couple more for offline viewing purposes and asked me how to save it. I immediately fired firebug in firefox but surprisingly the video source is not …

Read More
Flash AS3 Getting Security sandbox violation when trying fetch an external swf

Hii, I'm tring to load swf file to my flash application from a different server. When i try to load it on flash IDE (crl+enter) everything is working fine, but when i run the swf as an independent swf …

Read More