Can a SWF (using URLLoader) access HTTPS webservice?

dan picture dan · Sep 7, 2009 · Viewed 9.6k times · Source

I have a fla (using ActionScript 3.0) I am compiling in Flash. I am using URLRequest and URLLoader to access a http webservice.

var loader:URLLoader = new URLLoader();     
var request:URLRequest = new URLRequest("http:test.webservice.com");    
try {
   loader.load(request);
} catch (error:Error) {
   trace("Unable to load requested document.");
}

This works fine - however if I try and access a https address I get

httpStatusHandler: [HTTPStatusEvent type="httpStatus" bubbles=false cancelable=false eventPhase=2 status=0]
ioErrorHandler: [IOErrorEvent type="ioError" bubbles=false cancelable=false eventPhase=2 text="Error #2032: Stream Error. URL: https://test.webservice.com"]

How can I retrieve data from a https web service? Does the SWF have to be hosted on a SSL secured page?

Answer

grae.kindel picture grae.kindel · Sep 30, 2010

If you install the flash debug player, you'll probably see the following in the log:

** Security Sandbox Violation ***
Connection to https://www.example.com/service/ halted - not permitted from http://www.example.com/your.swf

Error: Request for resource at https://www.example.com/service/ by requestor from http://www.example.com/your.swf is denied due to lack of policy file permissions.

By default a swf hosted in a http cannot access https --it's considered a different domain.

You'll need to set up the appropriate crossdomain.xml policy file, with care to verify the Content-Type is text/* or another whitelisted value. Additionally, you'll need a meta-policy file with "secure=false", which will allow https to be accessed from http.

  <allow-access-from domain="www.example.com" secure="false" />

Further reading:

Policy file changes in Flash Player 9 and Flash Player 10