• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers

URLRequest with crossdomain behind firewall gets 2044/2048 Sandbox violation

Jun 03, 2013 Jun 03, 2013

Copy link to clipboard



We have an app running over HTTP on server "S", behind a firewall "F" and requesting an XML file through HTTPS to server "X" (through the firewall).

We've setup the crossdomain policy files on "X" as follow :

    <site-control permitted-cross-domain-policies="all" />


    <allow-access-from domain="ip.of.firewall.F" secure="false" />
    <allow-http-request-headers-from domain="ip.of.firewall.F" headers="*" secure="false" />

secure="false" because the request comes from a non HTTPS page.

The URL we're trying is accessible without any problem outside of flash using its URL:

In our flash souce code we call


and it seems to be loaded properly as reported by Fiddler2

Then we use the URLRequest to get the xmlfile as follow:

var request : URLRequest = new URLRequest (https://domain_X/some_folder/file.xml);
request.method = URLRequestMethod.GET;
var loader : URLLoader = new URLLoader ();
loader.addEventListener( Event.COMPLETE, getfeatureinfo_result )
loader.load ( request );

All of this works fine when running under flashbuilder as it doesn't request the crossdomain policy file. But when it get published on our test server, we get the 2044/2048 Sandbox violation error.

We use IE8

I really don't know where to look next to find a solution. I guess it has something to do with the firewall?

Any suggestion would be greatly appreciated.


Changing <allow-http-request-headers-from domain="ip.of.firewall.F"

and allow-access-from domain="ip.of.firewall.F"

with domain="*" temporarely solved the problem...

What I understand is that Flash will look at the crossdomain file in the context of the server where the client app is hosted, wich makes sense. But in our case, the XML file we are trying to reach is outside of our intranet and our network privacy policies forbid us from publishing internal IP adresses to the outside world. That means we cannot put the server_S ip adress in the crossdomain file that sits on the server_X.

It seems that there is no workaround this issue... we leave domain="*" or we put in our intranet's server ip adresse

Message was edited by: jeanbernardgariepy






Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines