Can a SWF (using URLLoader) access HTTPS webservice?
I have a fla (using ActionScript 3.0) I am compiling in Flash. I am using URLRequest and URLLoader to access a http webservice.
var loader:URLLoader = new URLLoader();
var request:URLRequest = new URLRequest("http:test.webservice.com");
try {
loader.load(request);
} catch (error:Error) {
trace("Unable to load requested document.");
}
This works fine - however if I try and access a https address I get
httpStatusHandler: [HTTPStatusEvent type="httpStatus" bubbles=false cancelable=false eventPhase=2 status=0]
ioErrorHandler: [IOErrorEvent type="ioError" bubbles=false cancelable=false eventPhase=2 text="Error #2032: Stream Error. URL: https://test.webservice.com"]
How can I retrieve data from a https web service? Does the SWF have to be hosted on a SSL secured page?
Answer
If you install the flash debug player, you'll probably see the following in the log:
** Security Sandbox Violation ***
Connection to https://www.example.com/service/ halted - not permitted from http://www.example.com/your.swf
Error: Request for resource at https://www.example.com/service/ by requestor from http://www.example.com/your.swf is denied due to lack of policy file permissions.
By default a swf hosted in a http cannot access https --it's considered a different domain.
You'll need to set up the appropriate crossdomain.xml policy file, with care to verify the Content-Type is text/* or another whitelisted value. Additionally, you'll need a meta-policy file with "secure=false", which will allow https to be accessed from http.
<allow-access-from domain="www.example.com" secure="false" />
Further reading: