Channel.Security.Error and webservices

Today I burned out sometime fixing an issue in an application related to security violation of a SWF file when calling a webservice hosted on another domain. At first even though if it was quite obvious that the error had something to do with the crossdomain, I was not sure what was happening, but after some trial and error and some searching, found that this issue occurs when one thing is missing in the crossdomain xml. The missing node was –

<allow-http-request-headers-from domain=”*” headers=”SOAPAction”/>

This addition was made with the update in Adobe Flash Player 9.0.115.0 which means that if a domain wants to receive headers from a remote SWF it should have a crossdomain xml with the above node added. Find more information here – http://bit.ly/a04r0m . After reading this technote came to know that this update was made  in order to increase the security level and defend against malicious HTTP headers sent by content from other domains. Also was made aware that not all headers can be sent from Flash player and list of blacklisted headers can be found here – http://bit.ly/cPy6CW.

Ideally your crossdomain in these scenarios when working with webservice should look like :

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-http-request-headers-from domain="*" headers="SOAPAction"/>
</cross-domain-policy>

All these kind of issues only pops up once an application is developed and once we finish integration with a backend. So, better check this out guys whenever you deal with http headers and remote SWF ,so that you dont waste considerable time wondering where did you go wrong. Many of you  might be already aware of this setting and those who don’t yet know about this please take a note.

Cheers

Alter the properties of the SWF

Did you know that we can alter the properties of the output SWF of Flex.
The can be done like this:
In a Flex project the application class:

</mx:Metadata>
[SWF(width=”500″, height=”500″, frameRate=”30″, backgroundColor=”#FFFFFF”)]
</mx:Metadata>

and in an actionscript project , the code should be like this:
package
{
   [SWF(width=”500″, height=”500″, frameRate=”30″, backgroundColor=”#FFFFFF”)]
   public class MyClass
   {

    }

I found it handy inorder to fix a problem I encountered in one of our projects. This might not be used quite often, but it is worth knowing…. 🙂