Thursday, June 10, 2010

Flash Security Error #2170: Security sandbox violation

In one of my recent Flex projects with Cisco, the Flex app had to connect to Salesforce to use the Force.com Web service APIs. From the development environment, that is, from Flex Builder, there was no problem connecting to Salesforce over either http or https. However, once the Flex app was published to one of Cisco's IIS or Tomcat servers, it could not connect to Salesforce, complaining of a security sandbox violation (not the Salesforce sandbox, but the Flash Player sandbox).

Whenever there is a security violation, the first thing that comes to mind is the crossdomain.xml, which should be properly configured and set up at the Salesforce end.
Salesforce had the crossdomain.xml on both their http and https servers:
http://test.salesforce.com/services/Soap/u/crossdomain.xml
http://test.salesforce.com/services/Soap/crossdomain.xml
https://test.salesforce.com/services/Soap/u/crossdomain.xml
https://test.salesforce.com/services/Soap/crossdomain.xml

This is the content of the crossdomain.xml file at salesforce.com:
<cross-domain-policy>
    <allow-access-from domain="*" secure="true" />
    <allow-http-request-headers-from domain="*" headers="*" secure="true" />
</cross-domain-policy>

I tried accessing my swf over both http and https. I still got the same error: Error #2170: Security sandbox violation

I gave the swf file permission to access the Salesforce URL in swf settings > Global security settings panel. I still got the same error: Error #2170: Security sandbox violation

Thanks to one of the coders in the Flex forum, who alerted me to the new security feature that was introduced in Flash Player 10. The above solution would have worked great in Flash Player 9, because in version 9 the Flash Player would automatically look at the root crossdomain.xml in salesforce.com. If it was not there, it would look at the next crossdomain.xml in /root/at this folder1/crossdomain.xml

But in Flash Player 10, we have to load the crossdomain file explicitly in the Flex code. Read here for more info:
http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_03.html

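I added the following code to my Flex app.

import flash.system.Security;

// Explicitly load the policy file from its non-root location before calling Salesforce.
private function setupSecurity():void {
    Security.loadPolicyFile("https://test.salesforce.com/services/Soap/u/crossdomain.xml");
}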

Did it work? No! Why? I had deployed the Flex app on Cisco's IIS server, which is an http server. So the Flex app failed to connect with the same error, because I was trying to connect from the http IIS server to the https Salesforce server. Conflict of interest! Either an http to http connection is possible, or https over https is possible. So before installing the https server on Cisco's IIS server, I tried http over http (beware: this sends the password in clear text. You can see the password in Firebug in clear text). This was just a test to find out if it would work. Yes! It worked. Now Cisco has to buy an SSL certificate. I did some research and found it costs $1500 for a year!
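The policy quoted above grants access with secure="true", and in a policy file served over https that attribute limits the grant to SWFs that were themselves loaded over https, which matches the http-to-https failure described here. The following is an added example, not code from the original post: a simplified Python model of that rule for auditing a policy file, where the function names and the host flexapp.example.com are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# The policy quoted in the post, embedded so the example runs offline.
POLICY = """<cross-domain-policy>
  <allow-access-from domain="*" secure="true" />
  <allow-http-request-headers-from domain="*" headers="*" secure="true" />
</cross-domain-policy>"""

POLICY_URL = "https://test.salesforce.com/services/Soap/u/crossdomain.xml"


def domain_matches(pattern, host):
    """'*' matches any host; '*suffix' matches hosts ending in suffix; else exact."""
    pattern, host = pattern.lower(), (host or "").lower()
    if not host or not pattern:
        return False
    if pattern == "*":
        return True
    if pattern.startswith("*"):
        return host.endswith(pattern[1:])
    return host == pattern


def swf_allowed(policy_xml, policy_url, swf_url):
    """Return True if the policy lets a SWF served from swf_url read the data."""
    policy, swf = urlsplit(policy_url), urlsplit(swf_url)
    for rule in ET.fromstring(policy_xml).iter("allow-access-from"):
        if not domain_matches(rule.get("domain", ""), swf.hostname):
            continue
        # In a policy served over https, secure defaults to true and limits
        # the grant to SWFs that were themselves loaded over https.
        secure = rule.get("secure", "true").strip().lower() != "false"
        if policy.scheme == "https" and secure and swf.scheme != "https":
            continue
        return True
    return False


if __name__ == "__main__":
    # flexapp.example.com is a constructed stand-in for the hosting server.
    for swf in ("http://flexapp.example.com/app.swf",
                "https://flexapp.example.com/app.swf"):
        print(swf, "->", swf_allowed(POLICY, POLICY_URL, swf))
```

Changing secure to "false" in the policy would make the http-hosted case pass, at the cost of exposing https data to a SWF delivered over an unprotected channel.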

Please check this URL to buy the certificate:
https://ssl-certificate-center.verisign.com/process/retail/product_selector;jsessionid=4DF6BC5DE74707E0E5B69747B6131232?uid=e1494c681c05e7c3229fd5030d7f1fc0&product=GHA002

Before making this purchase, I needed to prove that https to https works as well. Microsoft is handy for this. They have a free self-signed certificate that can be installed on the IIS server. Check this URL: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/993a8a36-5761-448f-889e-9ae58d072c09.mspx?mfr=true

I had to install this self-signed SSL certificate on my laptop first. I had IIS Server running on my laptop. After I installed this, the https Flex app over https Salesforce worked!!

When I installed the same solution on Cisco's IIS server, it worked great!!

Here's a screenshot of this Flex app, which connected to Salesforce and retrieved the data to show the relationship in Yworks.