Sign Up ›

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
xraydeltaonexraydeltaone 

flash player 124 security issues

Hi
The flash player 124 seems to be restricting cross domain requests to salesforce. I see the request from cross domain swf's are getting
sandbox violation error.

Error: Request for resource at https://na5.salesforce.com/services/Soap/u/10.0/462300D70000000IjhM by requestor from <externaldomain/swf>  is denied due to lack of policy file permissions.
*** Security Sandbox Violation ***
Connection to https://na5.salesforce.com/services/Soap/u/10.0/462300D70000000IjhM halted - not permitted from <externaldomain/swf>

how to resolve this issue ? Anybody from salesforce shed more light on this ?

More about this issue,

http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_04.html



Message Edited by xraydeltaone on 04-16-2008 12:46 PM
aborda-staborda-st
Hi,
 
we are dealing with the same probems. We have developed some applications for our customers based on Flex and Adobe Air with Flex and everyone that have updated the Flash Player to 9.124.0  can't access to salesforce through the apex library for Flex. Please any feedback or similar experiences will be very welcome.
 
Further information about the issue (sorry some parts are in Spanish).
 
'7580B12D-214D-6B14-EC88-5D4E5310156D' producer connected.
Method name is: login
Advertencia: Omitiendo la etiqueta <allow-access-from> no válida para el dominio 'http://www3.stream.co.jp' en el archivo de política de http://www.salesforce.com/crossdomain.xml
Advertencia: Omitiendo la etiqueta <allow-access-from> no válida para el dominio 'http://salesforce.sitestream.com' en el archivo de política de http://www.salesforce.com/crossdomain.xml
Advertencia: El dominio www.salesforce.com no especifica ninguna metapolítica.  Aplicando la metapolítica predeterminada 'all'.  Esta configuración dejará de funcionar en el futuro. Consulte http://www.adobe.com/go/strict_policy_files_es para resolver este problema.
james2000james2000
Hi Ron,

We are experiencing this same issue. Can you please post a reply when the cross domain file is updated?

Thanks
Ron HessRon Hess
the cross-domain has been updated.

https://na1.salesforce.com/services/Soap/cross-domain.xml
ErnieErnie
Hi Ron,

does this also work for us who are on emea.salesforce.com ?

regards,
Orn Asbjornsson
Siminn
humbertohumberto
hello, I have applications developed in flex that have access to data in salesforce through the API, until today's day they worked correctly the file crossdomain.xml it was this..     
   

  <?xml version="1.0" ?>  
  <!DOCTYPE cross-domain-policy (View Source for full doctype...)>  
- <cross-domain-policy> 
  <allow-access-from domain="*" secure="true" />  
  <allow-http-request-headers-from domain="*" headers="*" secure="true" />  
  </cross-domain-policy>

File be it has changed to:    
    
 <cross-domain-policy>
  <site-control permitted-cross-domain-policies="by-content-type" />
  <allow-access-from domain="http://www3.stream.co.jp" />
  <allow-access-from domain="http://salesforce.sitestream.com" />
</cross-domain-policy>

restricting the alone access to 2 servants and avoiding the possibility of operation of my applications.
aborda-staborda-st
Hi,

we have different applications developed in Flex and Air and interacting with salesforce.com. Since yesterday all our applications are not running due it seems the crossdomain has changed.

Please can anybody help us?

Regards
Miguel
VishwasVishwas

Hi Ron,

 

I am getting similar error for cs2.salesforce.com. I am trying to connect to sandbox and I can connect from standalone flex application. However when I load object is Salesforce I am getting cross domain security error. If I use developer organization it works fine from standalone app as well as from salesforce. Can you please help?

 

Regards