Crossdomain issue when using a secured service

ChrisMathers · ‎02-04-2014

I have a basic crossdomain.xml in my wwwroot folder with my flex apps and everything is just dandy till I try to use an app with a service that requires a password. When I put in the password the service I get "Error #2048". I dont know why everything works with no security but fails with security. If I un-secure that service the app works without error. The chrome developer tools show an error with it tries to get the crossdomain.xml. Chrome can open the xml url. It doesnt matter if you put in the correct password, the error is the same.

ChrisMathers · ‎02-07-2014

Turns out its an https issue. If I open the app as http, log in errors out. If I open the app as https, log in works.

BjornSvensson · ‎02-07-2014

It sounds like you might be missing a property in the crossdomain.xml file. Make sure secure="false" to allow http apps to access https content.

<allow-access-from domain="*" secure="false"/>

See for example http://services.arcgisonline.com/crossdomain.xml

ChrisMathers · ‎02-10-2014

We had Reiman from ESRI Professional Services do the install for our server site and web adapter. This is the crossdomain file he put in place:

[HTML]<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
<site-control permitted-cross-domain-policies="all"/>
<allow-http-request-headers-from domain="*" headers="*" secure="false"/>
</cross-domain-policy>[/HTML]

It seems like it should work but isn't quite. The simplest solution for us I think is to just have IIS forward everyone to https.