I've got some strange stuff going on. I have a SWF that is hosted on server A. I have a php file on server B that processes forms. My SWF sends form information to server B and expects to get a set of variables returned (form processed successfully or not).
The SWF is built in AS3. The code is written like this:
// SEND FORM INFO
//-- collect variables
var variables:URLVariables = new URLVariables();
variables.email = txtEmail.text;
//-- set up request for URL
var myRequest:URLRequest = new URLRequest();
myRequest.url = "https://services.processingserver.com/postdata/";
myRequest.method = URLRequestMethod.POST;
myRequest.data = variables;
//-- process loader
var myLoader:URLLoader = new URLLoader();
//myLoader.dataFormat = URLLoaderDataFormat.VARIABLES;
trace("An ArgumentError has occurred.");
txtPrompt.text = "SERVER ARGUMENT ERROR";
trace("A SecurityError has occurred.");
txtPrompt.text = "SERVER SECURITY ERROR";
txtPrompt.text = "SERVER SECURITY ERROR - "+e.text;
It works fine when I test it from a local file. However, when I post the form SWF to the live server, it returns an Error #2048, triggered by the securityErrorHandler function.
The remote server has a crossdomain.xml file, and the server that the SWF is posted on has the file too. This is the code in the xml file:
thanks for the responses. @mlecho -- The flash which is sitting on Server A takes the variables, submits them via POST to a php file sitting on Server B, which then returns a bunch of success/fail variables back to the Flash on Server A.
@cancerinform -- Yeah, I've been poring over that article as well as Adobe's published server permissions specs and I can't see what I'm doing wrong. As far as I can tell I'm complying with everything.
If user loads SWF via HTTPS you have to set <allow-access-from domain="*" secure="true"/>
>> catch (error:SecurityError)
URLLoader.load() doesn't throw SecurityError, you have to subscribe to SecurityErrorEvent.SECURITY_ERROR event.
I updated the cross-domain policy file to be secure="true" but I'm still getting the security error. Any other ideas?
regarding the "catch" -- you're totally right; that's why I have the "myLoader.addEventListener(SecurityErrorEvent.SECU RITY_ERROR, securityErrorHandler);" event listener in there. It's that error that's notifying me that I'm getting error #2048.
Here's what you may try to do for testing: there's no error generated in FP9.124 if Security.loadPolicyFile() fails, but it will generate an error in FP10. So, may be just for the test update the player to the next version to see if the crossdomain was received and properly recognized?
Here's an update: I installed Flash Player 10. If I try to submit the form from the live site, I get the exact same "Error #2048" message. If I test locally, the form works fine, but it worked fine locally when I had Flash Player 9 installed.
Hm... Are you sure you call Security.loadPolicyFile() before connecting to WS? And, is SWF itself loaded using HTTPS? And is crossdomain.xml displayed if you try to view it in browser? And are the ports used for retrieving crossdomain XML and connecting to WS the same (not 80 and 8080 for eg.)
Right now it looks like you're successfully getting permissions to load, but then load from another URL... But if this isn't the case, then I don't know what else can it be...
OK - I finally found what the problem was! It turns out that the server that was serving up the crossdomain XML was returning it as type "application/x-httpd-php5-source". Turns out that Flash 9's new strict security policy will only accept crossdomain xml files that are content type "text/*" (any type of text), "application/xml", or "application/xhtml+xml". It is, of course, extremely difficult to identify this error because you need to have Flash 9 debugger version installed, policy file logging enabled, and you need to read your policy file log.
I have a project to deliver in 2 days and I just had access to the environment where the flash will be published. And I get "Error #2048" as well! But the difference between your problem, is that the SWF and the XML file are hosted at the same domain, but I still get that security error ?!?!?!
The only think though, is that this domain is under HTTPS. Both files are under the same domain, they just live in different directories, for example "https://mydomain.com/swf/myswf.swf" and "https://mydomain.com/xml/myxml.xml".
I'm desperately looking for help!!! Please please please The whole contract is now at stake because of that... and I can't find any documentation anywhere else!!!!