Oh man this one cost me some time.
I have a swf loading data from some services at IP yadayada. It's working fine, both from the FB IDE, and when I copy the bits to the remote server, pull up a browser, and hit the remote IP.
Then I try it from another machine, same browser, same FP version, same IP address. I see this gobbledygook:
Warning: Failed to load policy file from http://localhost:37813/crossdomain.xml
*** Security Sandbox Violation ***
Connection to http://localhost:37813/?q=services/amfphp?hostport=[ipommitted]&https=N&id=-1 halted - not permitted from [myswf]
WTF, why, why, why is that request trying to load the crossdomain file from localhost:37813, screwing up everything on all but my dev machine? Yes, I know dev machines aren't the acid test, but I'm not running the project from the IDE, or even the browser the IDE uses, I'm pulling up an "off to the side" browser and hitting the remote address, exactly as I am on any other computer.
I went through all the security settings, found posts directing me time and again to the new meta policy and socket policy documents and white papers: I've read them all, several times in the past, I'm good with Flash security, I KNEW I was doing all this correctly.
So, I abandoned Flash security, assuming I had everything correct. Where else had I seen URLs redirected to localhost:port?
HTTP Sniffers, like Fiddler. They intercept HTTP traffic, channel it to a local port, trace the data, and forward the request along.
Was I running one? No...oh wait, yes.
THE NETWORK MONITOR IN FLASH BUILDER.
IT COMPILES THE REDIRECT INFO INTO YOUR SWF.
So, if you compile your swf with the network monitor active, which you may not realize is the case, you have just told your swf to redirect all traffic to localhost:37813. So you'll deploy it, and guess what? Because no other machine is running the FB network monitor, the calls will fail. GAH.
Turn network monitor off. Recompile your swf. Redeploy. Voila.
GAH. What a pain. Anyway, if you have this problem, hopefully this saves you from the frustrated grumbling and cursing I spent a few hours going through.
As always, thanks for visiting.
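The symptom in the log excerpt above can be picked out mechanically when triaging client-side logs. The following is an added example, not code from the original post: it scans Flash Player debug-log text for policy-file failures and halted connections whose target is a loopback address, which is what a SWF built with the network monitor active produces on other machines. The function names and the fourth sample line are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Message shapes taken from the log excerpt quoted in the post.
POLICY_RE = re.compile(r"Failed to load policy file from (\S+)")
HALTED_RE = re.compile(r"Connection to (\S+) halted")

def is_loopback(host):
    """True for 'localhost' names and loopback IP literals."""
    if not host:
        return False
    host = host.rstrip(".").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # ordinary DNS name, not an IP literal

def find_loopback_requests(log_text):
    """Return (kind, host, port) for each logged request aimed at loopback."""
    findings = []
    for line in log_text.splitlines():
        for kind, rx in (("policy-file", POLICY_RE), ("connection", HALTED_RE)):
            m = rx.search(line)
            if not m:
                continue
            try:
                url = urlsplit(m.group(1))
                host, port = url.hostname, url.port
            except ValueError:
                continue  # malformed URL or port in the log line
            if is_loopback(host):
                findings.append((kind, host, port))
    return findings

# Constructed sample: the post's three lines (placeholders kept) plus one
# constructed remote policy failure that must not be flagged.
SAMPLE_LOG = """\
Warning: Failed to load policy file from http://localhost:37813/crossdomain.xml
*** Security Sandbox Violation ***
Connection to http://localhost:37813/?q=services/amfphp?hostport=[ipommitted]&https=N&id=-1 halted - not permitted from [myswf]
Warning: Failed to load policy file from http://services.example.test/crossdomain.xml
"""

if __name__ == "__main__":
    for kind, host, port in find_loopback_requests(SAMPLE_LOG):
        print(f"{kind}: request redirected to {host}:{port}")
```

A loopback hit in a log from a machine that is not the build machine points at the build configuration, not at the server's crossdomain.xml.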
Thank you! Very useful!
Nice article.. but I have an absolute opposite situation. I am deploying my application on Tomcat server A and it's sending an HTTP request to an application on Tomcat server B. Despite putting the crossdomain.xml file across all folders from root to webapp to the application folder, I can make successful calls to TomB only when Network Monitor is ON. Else it gives unable to load crossdomain.xml.
Please help me
WOW! I had the same problem and was racking my head trying to figure it out. I read the post and said "Doh! I still have that on!"
Thanks for the head slapper!
On this bug of FB 4 I was working hours and hours, reading all that I could find about crossdomain.xml.
And yes of course I turned on the network monitor - a really cool feature. But I never thought that this could be compiled into my swf and cause security issues.
I found several times the access of local host on a high port - but babe, I never thought of the Network Monitor. This is really a bad one Adobe!
Anyway FB4 is much better than FB3.
Cheers and thanks for your post,
Marc
Your post really helped. Compiled a new version (with small bugfix) and there was the localhost:37...
Thanks for the perfect tip!
Stale thread, I know, but I experienced something very similar.
I had the network monitor on, so all my NTLM requests were failing. Turn it off and it worked fine. I spent 2 days on this, and was headdesking for quite a while.
TCoz,
Thanks a lot for this tip.. I ended up wasting a day trying to figure out the problem!!!
-Gayatri
Interesting thing.. is it a bug with network monitor in flashbuilder?
OMG Mate! You saved my life by this post :) Thanks a lot!
SUNNUVAH. Brilliant, thanks! You saved me a ton of time. Jeeeezzzeee......
May be necessary to do a clean build (in Flash/Flex Builder) to remove vestiges of sandboxy-ness.
Disabling Network Mon. worked for me after a clean, though the first try may have been foiled by caching rather than cleaning.
Tcoz, verily thou art brilliant. I too was weeping and gnashing over this behaviour. THANKS for posting this sol'n.
I'm with this same problem.
How do I disable network monitor??
Thanks! I have been churning over this for HOURS!!!
Thanks!!!!!!! I've been at this for days now and it's finally working.
Thanks! I had same issue and it was difficult to figure it out.
Damn! This took hours for me to figure out. I used HttpWatch only to see the application requesting the crossdomain.xml from localhost:37813. Then finally did a release build and it fixed the issue. Thanx a lot :)
This is awesome explanation ! This problem is a real headache, Thanks Tcoz !
OMG, you saved my life.
Wow... Thank you SO MUCH !! You rock !