This morning I was getting mad working with a colleague on the deployment of a RIA (Rich Internet Application) application developed targeting Adobe Flash 10
The application calls some web-services to get data from back-end system (data for tracking and telemetry of locomotives but this is irrilevant).
- When the application runs from Flash Player it works fine;
- When the application runs from the ActiveX hosted by IE nothing happened (meaning that we hadn’t crash, just it didn’t do anything…)
Using Fiddler we found that when a flash file is hosted by IE it asks for a crossdomain.xml resource.
Googling and looking to Adobe documentation we discovered that a crossdomain.xml must be deployed (saved) on the root of the web-server providing the web-services (that invoked back-end) and it contains the default policies allowing incoming Flash clients to call the hosted service.
Our crossdomain.xml is:
<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
<allow-http-request-headers-from domain="*" headers="SOAPAction"/>
</cross-domain-policy>
Don’t forget the last line to allow a SOAP (web-service) interaction.
It allows any incoming request from external Flash clients.
I admit that I’m totally incompetent on Flash and RIA techniques so I’ve lost a couple of hours on that!