Clever Geek Handbook

Does anyone know if the crossdomain policy file has changed on salesforce.com?

All of a sudden, my Flex applications can no longer connect to salesforce.com through their API, I get a sandboxed security breach. The input credentials are correct, I tried them with other means and I obfuscated them below.

This worked fine today and I have not coding since.

Does anyone else run into this or know what's going on?

Here is the exception returned to my application

Method name is: login
'A997F86A-36E9-DDDC-EC6B-BBEE23101466' producer connected.
'A997F86A-36E9-DDDC-EC6B-BBEE23101466' producer sending message 'B89E5879-D7F7-E91E-2082-BBEE231054DD'
'direct_http_channel' channel sending message:
(mx.messaging.messages::HTTPRequestMessage)#0
  body = "<se:Envelope xmlns:se="http://schemas.xmlsoap.org/soap/envelope/"><se:Header xmlns:sfns="urn:partner.soap.sforce.com"/><se:Body><login xmlns="urn:partner.soap.sforce.com" xmlns:ns1="sobject.partner.soap.sforce.com"><username>simon.palmer@***.com</username><password>***</password></login></se:Body></se:Envelope>"
  clientId = (null)
  contentType = "text/xml; charset=UTF-8"
  destination = "DefaultHTTPS"
  headers = (Object)#1
  httpHeaders = (Object)#2
    Accept = "text/xml"
    SOAPAction = """"
    X-Salesforce-No-500-SC = "true"
  messageId = "B89E5879-D7F7-E91E-2082-BBEE231054DD"
  method = "POST"
  recordHeaders = false
  timestamp = 0
  timeToLive = 0
  url = "https://www.salesforce.com/services/Soap/u/11.0"
Method name is: login
*** Security Sandbox Violation ***
Connection to https://www.salesforce.com/services/Soap/u/11.0 halted - not permitted from https://localhost/pm_server/pm/pm-debug.swf
'A997F86A-36E9-DDDC-EC6B-BBEE23101466' producer acknowledge of 'B89E5879-D7F7-E91E-2082-BBEE231054DD'.
'A997F86A-36E9-DDDC-EC6B-BBEE23101466' producer fault for 'B89E5879-D7F7-E91E-2082-BBEE231054DD'.
Comunication Error : Channel.Security.Error : Security error accessing url : Destination: DefaultHTTPS
Error: Request for resource at https://www.salesforce.com/services/Soap/u/11.0 by requestor from https://localhost/pm_server/pm/pm-debug.swf is denied due to lack of policy file permissions.
+1


source to share


5 answers


You should definitely load the policy from the / services tree, the default policy at the root won't help. You need to download this policy https://www.salesforce.com/services/crossdomain.xml



+1


source


The solution to this problem was to set the server protocol and url like this:

apex = new Connection();    
apex.serverUrl = "https://na3.salesforce.com/services/Soap/u/14.0";
apex.protocol = "https";


However, this seems to create a secondary user blocking issue, so the non-connection issue remains.

Update: salesforce.com has confirmed the error. See my other related post .

+1


source


Have you recently upgraded to Flash Player 10? Flash player 10 changes the way policy files work and the crossdomain.xml file needs to be updated to resolve this issue. In short, Salesforce.com is probably not ready to upgrade users to Flash Player 10 just yet.

0


source


I am uploading a file from flex to google docs. However, everything works in a local file, when we load the SWF file as S controls in Salesforce (sandbox), there is an error when connecting to google. See below:

Error:[FaultEvent fault=[RPC Fault faultString="Security error accessing url"
faultCode="Channel.Security.Error" faultDetail="Destination: DefaultHTTPS"] 
messageId="1F812836-1318-B845-AC01-F51AB1D11518" type="fault" bubbles=false 
cancelable=true eventPhase=2]

We tried the following solutions below, but nothing works: FLEX: - Add crossdomain.xml to bin-debug folder: below is the content of the cross domain policy.

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
     <allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>
  • Initialization uses flash.system.security.allowinsecuredomain / allowdomain ("*").
  • Also tried to establish connection.protocol in http Salesforce:
  • Disable protocol security in the remote site settings o Settings -> Administration settings -> Security controls -> Remote site settings  URL: http://www.google.com.ph

No problem with Salesforce, but when initializing the load page, the security error will be displayed specifically in the onErrorFault function. Below are the code snippets:

<?xml version="1.0" encoding="utf-8"?>
<mx:TitleWindow xmlns:mx="http://www.adobe.com/2006/mxml" layout="vertical" width="534" height="462" verticalScrollPolicy="off" horizontalScrollPolicy="off"
creationComplete="init()" showCloseButton="true" close="{this.closeWindow(event)}" roundedBottomCorners="true">
<mx:Script>
<![CDATA[

private function init():void{
        Security.allowInsecureDomain("*");
        //<salesforce:Connection id="apex" sendRequest="sendRequestListener(event)" serverUrl="http://www.salesforce.com/services/Soap/u/10.0" protocol="http"/>   
        RESTProxyTest();
        send_data();
        arrAddedFiles = new Array();
        this.uploadGrid.dataProvider= this.acFiles; 
        this.title = "Attachment: "+this.selectedTimeSheetDetail.Project.label;
}

public function RESTProxyTest():void
    {
        _conn = new NetConnection();
        _conn.addEventListener(AsyncErrorEvent.ASYNC_ERROR, doAsyncError);
        _conn.addEventListener(IOErrorEvent.IO_ERROR, doIOError);
        _conn.addEventListener(SecurityErrorEvent.SECURITY_ERROR, doSecurityError);
        _conn.addEventListener(NetStatusEvent.NET_STATUS, doNetStatus);
        _conn.objectEncoding = ObjectEncoding.AMF3;

        _conn.connect(_url);
        _responder = new Responder(onResult, onFault);  

    }

private function send_data():void {
        userRequest.url = getLoginURL();
        userRequest.addEventListener(ResultEvent.RESULT, httpResult);
        userRequest.addEventListener(FaultEvent.FAULT, onErrorFault); 
        userRequest.send();
    } 

private function onErrorFault(obj:FaultEvent):void
    {
        Alert.show("Error:"+obj.toString());
    }

private function httpResult(obj:ResultEvent):void
    {
        trace(obj.toString());

        var result:String = obj.result as String;       
        var pos:int = result.lastIndexOf("Auth=");
        var auth:String = result.substr(pos + 5);
        txtAuth.text = StringUtil.trim(auth);
        placeCall();
    }

protected function placeCall():void
    {
        trace("placeCall");
        var headers:Array = ["Authorization: " + "GoogleLogin auth=" + StringUtil.trim(txtAuth.text)];
        var postVars:Array = [];         
        var uri:String = "http://docs.google.com/feeds/documents/private/full?showfolders=true"; 
        _conn.call("RESTProxy.request", _responder, uri, "get", new Array(), postVars, headers);
    }

private function getLoginURL():String
    {
        var url:String = 'https://www.google.com/accounts/ClientLogin?accountType=HOSTED_OR_GOOGLE&' +
        'Email=' + this.session.config.gmail + '&' +
        'Passwd=' + this.session.config.password + '&service=writely'; 

        return url;
    }   
]]>
</mx:Script>

<mx:HTTPService id="userRequest" useProxy="false" method="POST" contentType="application/x-www-form-urlencoded" showBusyCursor="true"/>
0


source


I work around this problem by accessing the Flash Player configuration panel (I just recommend it in a development environment), under the Global Security tab, select Always Allow.

Sincerely.

0


source






More articles:


All Articles