+ Start a Discussion
Force2b_MikeForce2b_Mike 

Flex Builder Standalone - "Security error accessing url" error

I'm trying to get a simple HelloWorld application working on my local machine using the FlexBuilder v3 Beta and the most recent SFC Flex Toolkit. I've followed the code exactly as documented in the samples found online,  various screencasts, and even in downloaded the samples. Now matter what I do, I get the following error in the login step:

[FaultEvent fault=[RPC Fault faultString="Security error accessing url" faultCode="Channel.Security.Error" faultDetail="Destination: DefaultHTTP"] messageId="274B3986-6992-1A79-1276-D7DF53D645C3" type="fault" bubbles=false cancelable=true eventPhase=2]

The login function I'm using is below:
    private function doLogin():void
    {
     var lr:LoginRequest = new LoginRequest();
     lr.username = "devlogin@blablabla.com";
     lr.password = "devloginpassword";
     lr.server_url = "http://www.salesforce.com/services/Soap/u/9.0";
     lr.callback = new AsyncResponder(loginResult, loginFault);
     conn.login(lr);
    }
What am I doing wrong?

Thanks for any help,

Mike
Best Answer chosen by Admin (Salesforce Developers) 
rajarakrajarak

Harmpie, 

 

Just one more option to try. In case of sandbox the issue is fixed.

 

<salesforce:Connection id="force" serverUrl="https://test.salesforce.com/services/Soap/u/14.0" protocol="https" /> 

 

 

private function init():void {

var lr:LoginRequest = new LoginRequest();

lr.username = "uname";

lr.password = "pwd";

 

if (this.parameters.server_url == null) {

force.serverUrl ="http://na5.salesforce.com/services/Soap/u/14.0";

}

lr.server_url = this.parameters.server_url;

lr.session_id = this.parameters.session_id;

lr.callback = new AsyncResponder(loginHandler,handleFault);

force.login(lr);

 

}

 

 

 

Message Edited by rajarak on 11-11-2009 01:24 PM

All Answers

Ron HessRon Hess
that is the fault when the login fails
also i think it's set to 10.0 now.
you should be able to comment out the server_url line as this is defaulted in the library.
server url is set after the login, or from an scontrol merge field.

Force2b_MikeForce2b_Mike
Ron,

Thanks for the fast reply. I had added the Server_URL line at one point during testing. I removed the line, but still get the exact same error. I just can't figure out why.

Mike
Ron HessRon Hess
does the sample app build and run ?, it's moved to sdk/test/salesforce/flex2/salesforce.mxml

if that app builds and runs, then i would guess its' your password, everything else looks correct.
Force2b_MikeForce2b_Mike
Ron,

Good question. The sample app looks like a real good one for testing, but unfortunately it doesn't work either. I get the same error. I am able to log into my developer SFC account using the same userid and password that I have in my code, so I'm confident that the values are correct. From what I can tell it doesn't look like it's even reaching SFC. The full error details from the Test App are below:
fault from operation: (com.salesforce.events::ApexFaultEvent)#0
  bubbles = false
  cancelable = true
  context = (null)
  currentTarget = (null)
  eventPhase = 2
  fault = (mx.rpc::Fault)#1
    errorID = 0
    faultCode = "Channel.Security.Error"
    faultDetail = "Destination: DefaultHTTP"
    faultString = "Security error accessing url"
    message = "faultCode:Channel.Security.Error faultString:'Security error accessing url' faultDetail:'Destination: DefaultHTTP'"
    name = "Error"
    rootCause = (flash.events::SecurityErrorEvent)#2
      bubbles = false
      cancelable = false
      currentTarget = (flash.net::URLLoader)#3
        bytesLoaded = 0
        bytesTotal = 0
        data = (null)
        dataFormat = "text"
      eventPhase = 2
      target = (flash.net::URLLoader)#3
      text = "Error #2048: Security sandbox violation: http://172.29.1.142/flex/salesforce/bin/salesforce.swf cannot load data from https://www.salesforce.com/services/Soap/u/10.0."
      type = "securityError"
  headers = (null)
  message = (mx.messaging.messages::ErrorMessage)#4
    body = (Object)#5
    clientId = "DirectHTTPChannel0"
    correlationId = "8A15A406-8DE9-D9D2-8364-DC845DF998D9"
    destination = ""
    extendedData = (null)
    faultCode = "Channel.Security.Error"
    faultDetail = "Destination: DefaultHTTP"
    faultString = "Security error accessing url"
    headers = (Object)#6
    messageId = "EA948B97-D1DF-128B-F35D-DC845E1813EF"
    rootCause = (flash.events::SecurityErrorEvent)#2
    timestamp = 0
    timeToLive = 0
  messageId = "EA948B97-D1DF-128B-F35D-DC845E1813EF"
  target = (null)
  token = (mx.rpc::AsyncToken)#7
    message = (mx.messaging.messages::HTTPRequestMessage)#8
      body = "<se:Envelope xmlns:se="http://schemas.xmlsoap.org/soap/envelope/"><se:Header xmlns:sfns="urn:partner.soap.sforce.com"/><se:Body><getServerTimestamp xmlns="urn:partner.soap.sforce.com" xmlns:ns1="sobject.partner.soap.sforce.com"/></se:Body></se:Envelope>"
      clientId = (null)
      contentType = "text/xml; charset=UTF-8"
      destination = "DefaultHTTP"
      headers = (Object)#9
        DSEndpoint = "direct_http_channel"
      httpHeaders = (Object)#10
        Accept = "text/xml"
        SOAPAction = """"
        X-Salesforce-No-500-SC = "true"
      messageId = "8A15A406-8DE9-D9D2-8364-DC845DF998D9"
      method = "POST"
      recordHeaders = false
      timestamp = 0
      timeToLive = 0
      url = "https://www.salesforce.com/services/Soap/u/10.0"
    responders = (Array)#11
      [0] (Connection.as$19::SalesForceResponder)#12
    result = (null)
  type = "fault"
It does mention a 'Security Sandbox Violation' in the error, though I do not have a Sandbox account. I'm trying to log into my standard Developer account.

Thanks,

Mike
JEndoJEndo
Hi Mike,

[quote]
Error #2048: Security sandbox violation: http://172.29.1.142/flex/salesforce/bin/salesforce.swf cannot load data from https://www.salesforce.com/services/Soap/u/10.0."
[/quote]
This is a Flash error, not a Salesforce error.  The sandbox referred to is the Flash sandbox in which your local app is running.

I'm getting the same error running from my local server, and here's what I think is the problem:

I first load the crossdomain file from https://www.salesforce.com/services/crossdomain.xml  - this is fine, as it allows all domains.  However, there seems to be a crossdomain file at the root level (https://www.salesforce.com/crossdomain.xml) also, which looks like:
<cross-domain-policy>
  <allow-access-from domain="http://www3.stream.co.jp" />
  <allow-access-from domain="http://salesforce.sitestream.com" />
</cross-domain-policy>


Since this second crossdomain file only allows access from those two domains, even though the lower-level crossdomain lets us
hit the /services directory, this crossdomain file placed at a higher directory level is overriding that.

Does that sound like it makes sense?

Thanks-

-Jesse


Force2b_MikeForce2b_Mike
Jesse,

Thank you for the information. If I understand the CrossDomain policy restrictions it looks to me like only the root
level file is being read and based on the info at Adobe.com's website, it looks like the root file must explicitly
allow https://www.salesforce.com and http://www.salesforce.com in order for any outside flash files to access SFC data:
http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_14213
http://www.adobe.com/devnet/flash/articles/fplayer_security_02.html

Could it be that the ball is in SFC's court?

Best Regards,

Mike
JEndoJEndo
Hi Mike,

>If I understand the CrossDomain policy restrictions it looks to me like only the root level file is being read and based on the info at Adobe.com's website, it looks like the root file must explicitly allow https://www.salesforce.com and http://www.salesforce.com in order for any outside flash files to access SFC data:

From my understanding (and I've only been using Flash/Flex for a couple months, so I may be off here), the crossdomain policy files on the Salesforce side dictate which domains are allowed to access Flash resources in the Salesforce.com domain.  The crossdomain file at www.salesforce.com/services allows all domains access, however, because the one at www.salesforce.com (a higher-level directory) only allows access from the domains explicitly listed, that list is overriding the policy in the /services directory.

When I put my app inside an S-control, it can access the SFDC resources fine, as it's running from within the Salesforce.com domain.  However, attempting to run it from my local server results in the error because I'm not running it from one of the domains listed in the www.salesforce.com/crossdomain.xml file.

>Could it be that the ball is in SFC's court?

This certainly seems to be the case.  I'm hoping one of the SFDC folks will chime in here and let me know if I'm off-base, and what the solution may be if it's a problem on our side.

Thanks-

-Jesse
aglaforgeaglaforge
I'm seeing the same error using the example code and FlexBuilder 2, deployed on a localhost.  Has anyone come up with a resolution on this?  I'd very much like to test this as a stand alone app.  I'm confident the username and password I'm passing are correct, which makes it look like a issue on the security side.  I'll be the first to admit that I'm a bit new to Flex, so this error might be on my side, but it seems odd that other people are experiencing the same issue.

Any help would be kindly appreciated.

Cheers,

Anthony
DevAngelDevAngel
Hey Guys,

To run the flex stuff from another server, you will need to do one of two things.  So far the conversation has been on the parts of the url domain to the far right (www.salesforce.com/crossdomain.xml and /services/crossdomain.xml).  To be able to run the flex app from your app server, you will need to use http (non ssl) when using the api (serverUrl = "http://www.salesforce.com/services/Soap/u/10"), OR, you will need to install a cert on your app server and test using https://localhost/<whatever>.

Flex will not allow retrieving data from one protocol to the other, even if you have processed the crossdomain.xml file.


Hope that helps.



Cheers



JEndoJEndo
Thanks for the input Dave-  When you say:

>To be able to run the flex app from your app server, you will need to use http (non ssl) when using the api (serverUrl = "http://www.salesforce.com/services/Soap/u/10")

You mean we should explicitly set the serverUrl property of the Connection object to the above address?  Is this before or after calling login() on the Connection?  Does this do something different than setting the protocol property to HTTP?

Thanks-

-Jesse
DevAngelDevAngel
You can specify the protocol in the tag
<connection serverUrl="http://www.salesforce.com/services/Soap/u/10.0" protocol="http" />

It must be prior to login, you need to use that connection to login after all.

After login, the toolkit resets the url to the one returned from the loginResult object.  This is always "https", so setting protocol will override the protocol returned from the login call.


Force2b_MikeForce2b_Mike
Thanks for the help. The Test app that comes with the SFC Flex SDK is working fine, though my app isn't. Probably something in my code, so I'll compare to the test app to get it working.

Mike
jev007jev007
Still not clear here.  Can someone post the steps it woudl take to run the sample salesforce.mxml example on a web server?

Thanks!
SpectrumGFASpectrumGFA
I am having this same issue, did anyone ever get this resolved?
Ron HessRon Hess
if the server you are running the SWF from is http, and not HTTPS, then you must set the connection protocol to match or flash will fail

here is the setter

    public function set protocol(value:String):void {
         

so you create a connection object and then call

connection.protocol('http');



SpectrumGFASpectrumGFA

I have tried setting it in MXML like this  (With and without serverUrl):

<salesforce:Connection id="apex" protocol="http" serverUrl="http://www.salesforce.com/services/Soap/u/11.0"

I also tried it in actionscript with apex.protocol = "http";

I cannot get it to login even on my local machine.

 

 

Ron HessRon Hess
right, both of those dont work

you must call the setter on the connection after it's instanced

connection.protocol('http');
jev007jev007
Ron,

I had my app working, but just realized it no longer works in with the latest flash player.  I assume it has something to do with all the security changes in the Flash player: http://www.adobe.com/devnet/flashplayer/articles/flash_player9_security_update.html.  When it originally didn't work and I posted above, all I changed to get it to work was adding protocol="http" to salesforce:Connection.  Any advice on handling issues introduced in the latest flash player?

Thanks!
JEndoJEndo
The security flaw addressed by the 9.0.124.0 release requires cross-domain files to include meta-policy information now.  Salesforce has not yet updated their cross-domain files to include this:

Code:
Warning: Domain na2.salesforce.com does not specify a meta-policy.  Applying default meta-policy 'all'.  This configuration is deprecated.  See http://www.adobe.com/go/strict_policy_files to fix this problem.

Warning: Domain www.salesforce.com does not specify a meta-policy.  Applying default meta-policy 'all'.  This configuration is deprecated.  See http://www.adobe.com/go/strict_policy_files to fix this problem.

 That was connecting through a 9.0.115.0 version of Flash- the latest version's default meta-policy is 'none,' which is probably why you are having trouble connecting.

Until SFDC updates their cross-domain files, you can get around this by using an older version of Flash.

Edit: Here's the link which explains the Phase 1 (9.0.115.0) and Phase 2 (9.0.124.0) Flash player meta-policy rules:

http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_03.html

Thanks-

-Jesse



Message Edited by JEndo on 04-16-2008 11:53 AM
jev007jev007
Does anyone know if or when salesforce.com will update the policy file??

Thanks!
Ron HessRon Hess
A case has been opened,
 Thanks
jev007jev007
Any word on this?  I am starting to think it is something I should be able to fix because I figured more people would be crying for an update.  Maybe more will once people start updating their flash player.  I would not even have thought about it if I didn't just rebuild a machine and happen to test my app before going live.

Any advice on getting this case elevated?

Thanks!
JEndoJEndo
Salesforce updated their cross-domain files on the 25th- hopefully this resolved the issue.

It actually had to do with some HTTP Header requests being sent by the Salesforce toolkit, if I understand the issue correctly, not the meta-policy default.

Thanks-

-Jesse
ShawnFShawnF
I've been watching this thread for a while now because my flex app was getting the same error when I loaded it to my web server. I could get it to load correctly on my local machine, but when I built a release build and moved it to my web server I would get the same error.

I am using Flex Builder 3 and got it to work by adding this line:

<salesforce:Connection id="apex" sendRequest="sendRequestListener(event)" serverUrl="http://www.salesforce.com/services/Soap/u/10.0" protocol="http"/>

It worked once I added the serverURL and protocol to the connection string above, exported a Release Build from Flex and loaded to my web server.

I like for these community posts to be more descriptive but that is truly all I did - added the serverURL and protocot to the salesforce:Connection string.
LeonardLeonard
Ron,

I'm gettting this error when I try and set:
Code:
apex.protocol('http');

 


1195: Attempted access of inaccessible method protocol through a reference with static type com.salesforce:Connection.    scontrol/src    SimpleGrid.mxml    line 110    1218224906085    1452

Ron WildRon Wild
Try apex.protocol = 'http';
GanuGanu
Am using flexbuilder interrogation with SF, I have included the .SWF in static resources and I call this in my vforce tab,
And my problem is its working in my local machine(while running the SWF file), but not in SF vforce page and I get the following error,
Please give me your suggestion!
Code:
(com.salesforce.events::ApexFaultEvent)#0
  bubbles = false
  cancelable = true
  context = (null)
  currentTarget = (null)
  eventPhase = 2
  fault = (mx.rpc::Fault)#1
    errorID = 0
    faultCode = "Channel.Security.Error"
    faultDetail = "Destination: DefaultHTTPS"
    faultString = "Security error accessing url"
    message = "faultCode:Channel.Security.Error faultString:'Security error accessing url' faultDetail:'Destination: DefaultHTTPS'"
    name = "Error"
    rootCause = (flash.events::SecurityErrorEvent)#2
      bubbles = false
      cancelable = false
      currentTarget = (flash.net::URLLoader)#3
        bytesLoaded = 0
        bytesTotal = 0
        data = (null)
        dataFormat = "text"
      eventPhase = 2
      target = (flash.net::URLLoader)#3
      text = "Error #2170"
      type = "securityError"
  headers = (null)
  message = (mx.messaging.messages::ErrorMessage)#4
    body = (Object)#5
    clientId = "DirectHTTPChannel0"
    correlationId = "D6C818D2-D8F7-139D-CFB0-266BC73A5BDB"
    destination = ""
    extendedData = (null)
    faultCode = "Channel.Security.Error"
    faultDetail = "Destination: DefaultHTTPS"
    faultString = "Security error accessing url"
    headers = (Object)#6
    messageId = "3F0D807A-5EDA-A857-9D72-266BC825AD46"
    rootCause = (flash.events::SecurityErrorEvent)#2
    timestamp = 0
    timeToLive = 0
  messageId = "3F0D807A-5EDA-A857-9D72-266BC825AD46"
  target = (null)
  token = (mx.rpc::AsyncToken)#7
    message = (mx.messaging.messages::HTTPRequestMessage)#8
      body = "<se:Envelope xmlns:se="http://schemas.xmlsoap.org/soap/envelope/"><se:Header xmlns:sfns="urn:partner.soap.sforce.com"/><se:Body><login xmlns="urn:partner.soap.sforce.com" xmlns:ns1="sobject.partner.soap.sforce.com"><username>ganu.ss@gmail.com</username><password>ganeshGTGs31SuJKXiuufauCMN0IXdG</password></login></se:Body></se:Envelope>"
      clientId = (null)
      contentType = "text/xml; charset=UTF-8"
      destination = "DefaultHTTPS"
      headers = (Object)#9
        DSEndpoint = "direct_http_channel"
      httpHeaders = (Object)#10
        Accept = "text/xml"
        SOAPAction = """"
        X-Salesforce-No-500-SC = "true"
      messageId = "D6C818D2-D8F7-139D-CFB0-266BC73A5BDB"
      method = "POST"
      recordHeaders = false
      timestamp = 0
      timeToLive = 0
      url = "http://www.salesforce.com/services/Soap/u/10.0"
    responders = (Array)#11
      [0] (Connection.as$23::SalesForceResponder)#12
    result = (null)
  type = "fault"

 
This is my Code:
Code:
<—xml version="1.0" encoding="utf-8"–>
<mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute" xmlns:salesforce="http://www.salesforce.com/" applicationComplete="login(event);"  backgroundColor="#FFFFFF" width="588" color="#FFFFFF" backgroundDisabledColor="#FFFFFF" backgroundGradientColors="#FFFFFF" height="560">
<salesforce:Connection id="apex" serverUrl="http://www.salesforce.com/services/Soap/u/10.0" protocol="http" />
<mx:Script>
<![CDATA[
   import mx.collections.ArrayCollection;
   import com.salesforce.results.QueryResult;
   import com.salesforce.objects.SObject;
   import mx.utils.ObjectUtil;
   import mx.controls.Alert;
   import com.salesforce.AsyncResponder;
   import com.salesforce.objects.LoginRequest;
   import com.salesforce.results.QueryResult;
 private function login(event:Event):void {    
    var lr:LoginRequest = new LoginRequest(   {
      server_url : this.parameters.server_url,
         session_id : this.parameters.session_id,
            username :"mylogin@g.com",            
            password :"possword+sequritytoken",            
             callback : new AsyncResponder(render,handleFault)            
            } );                  
        apex.login(lr); 
   }
private function handleFault(fault:Object):void {
    Alert.show(ObjectUtil.toString(fault));
   }

private function render(result:Object):void {
 Alert.show("You Have Logg To SF!");
}
]]>

</mx:Script>    
</mx:Application>

 
daveydavey

Hello, I am uploading a file from flex to Google docs.  Everything is working in the local file however, when we upload the SWF file as S-controls in Salesforce (sandbox), an error appears upon connecting to Google.  Please see error below:

 

Error:[FaultEvent fault=[RPC Fault faultString="Security error accessing url" faultCode="Channel.Security.Error" faultDetail="Destination: DefaultHTTPS"] messageId="1F812836-1318-B845-AC01-F51AB1D11518" type="fault" bubbles=false cancelable=true eventPhase=2]

We tried the following solutions below but nothing seems to work:

 

FLEX:

-         Add the crossdomain.xml in the bin-debug folder: below is the content of the cross domain policy.

            <?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

                         <allow-access-from domain="*" secure="false" />

  <allow-http-request-headers-from domain="*" headers="*" secure="false" />

</cross-domain-policy>

-         Used flash.system.security.allowinsecuredomain/allowdomain(“*”) in the initialization.

-         Also tried in the connection.protocol set to http

Salesforce:

-         Disabled the protocol security in the remote site settings

o       Setup -> Administration Setup -> Security Controls -> Remote Site Settings

§         URL: http://www.google.com.ph

 

 continuation on next post......

 


 

daveydavey

There’s no problem in connection to Salesforce but upon initialization of the uploading page the security error will appear specifically in the onErrorFault function.  Below are code snippets:

 

<?xml version="1.0" encoding="utf-8"?> <mx:TitleWindow xmlns:mx="http://www.adobe.com/2006/mxml" layout="vertical" width="534" height="462" verticalScrollPolicy="off" horizontalScrollPolicy="off" creationComplete="init()" showCloseButton="true" close="{this.closeWindow(event)}" roundedBottomCorners="true"> <mx:Script> <![CDATA[ private function init():void{ Security.allowInsecureDomain("*"); //<salesforce:Connection id="apex" sendRequest="sendRequestListener(event)" serverUrl="http://www.salesforce.com/services/Soap/u/10.0" protocol="http"/> RESTProxyTest(); send_data(); arrAddedFiles = new Array(); this.uploadGrid.dataProvider= this.acFiles; this.title = "Attachment: "+this.selectedTimeSheetDetail.Project.label;} public function RESTProxyTest():void{ _conn = new NetConnection(); _conn.addEventListener(AsyncErrorEvent.ASYNC_ERROR, doAsyncError); _conn.addEventListener(IOErrorEvent.IO_ERROR, doIOError); _conn.addEventListener(SecurityErrorEvent.SECURITY_ERROR, doSecurityError); _conn.addEventListener(NetStatusEvent.NET_STATUS, doNetStatus); _conn.objectEncoding = ObjectEncoding.AMF3; _conn.connect(_url); _responder = new Responder(onResult, onFault);} private function send_data():void { userRequest.url = getLoginURL(); userRequest.addEventListener(ResultEvent.RESULT, httpResult); userRequest.addEventListener(FaultEvent.FAULT, onErrorFault); userRequest.send();} private function onErrorFault(obj:FaultEvent):void{ Alert.show("Error:"+obj.toString());} private function httpResult(obj:ResultEvent):void{ trace(obj.toString()); var result:String = obj.result as String; var pos:int = result.lastIndexOf("Auth="); var auth:String = result.substr(pos + 5); txtAuth.text = StringUtil.trim(auth); placeCall();} protected function placeCall():void{ trace("placeCall"); var headers:Array = ["Authorization: " + "GoogleLogin auth=" + StringUtil.trim(txtAuth.text)]; var postVars:Array = []; var uri:String = "http://docs.google.com/feeds/documents/private/full?showfolders=true"; _conn.call("RESTProxy.request", _responder, uri, "get", new Array(), postVars, headers);} private function getLoginURL():String{ var url:String = 'https://www.google.com/accounts/ClientLogin?accountType=HOSTED_OR_GOOGLE&' + 'Email=' + this.session.config.gmail + '&' + 'Passwd=' + this.session.config.password + '&service=writely'; return url;} ]]> </mx:Script> <mx:HTTPService id="userRequest" useProxy="false" method="POST" contentType="application/x-www-form-urlencoded" showBusyCursor="true"/>

 


  

 Please help.... youre responses are highly appreciated.

rajarakrajarak

The below snippet worked for me..

 

 

<salesforce1:Connection id="force" serverUrl="https://www.salesforce.com/services/Soap/u/14.0"/>private function init():void{var lr:LoginRequest = new LoginRequest();lr.username = "";lr.password = "";lr.server_url = parameters.server_url;lr.session_id = parameters.session_id;lr.callback = new AsyncResponder(loginHandler,handleFault);force.login(lr);}

 

 

 

 

 

HarmpieHarmpie

I tried every suggestion in this thread... Changing API versions, hacking SF libraries, different ways of constructing the connection... but... it does NOT work on a sandbox! Keep ending up with this error:

 

(com.salesforce::Connection)#0 applicationDomain = (null) applicationServerName = (null) applicationUrl = (null) IsLoggedIn = false loginResult = (null) organizationId = (null) portalId = (null) protocol = "https" serverUrl = "https://test.salesforce.com/services/Soap/u/14.0"(com.salesforce.events::ApexFaultEvent)#0 bubbles = false cancelable = true context = (null) currentTarget = (null) eventPhase = 2 fault = (mx.rpc::Fault)#1 content = (null) errorID = 0 faultCode = "Channel.Security.Error" faultDetail = "Destination: DefaultHTTP" faultString = "Security error accessing url" message = "faultCode:Channel.Security.Error faultString:'Security error accessing url' faultDetail:'Destination: DefaultHTTP'" name = "Error" rootCause = (flash.events::SecurityErrorEvent)#2 bubbles = false cancelable = false currentTarget = (flash.net::URLLoader)#3 bytesLoaded = 0 bytesTotal = 0 data = (null) dataFormat = "text" eventPhase = 2 target = (flash.net::URLLoader)#3 text = "Error #2170" type = "securityError" headers = (null) message = (mx.messaging.messages::ErrorMessage)#4 body = (null) clientId = "DirectHTTPChannel0" correlationId = "9E8ED072-B711-68C9-DAE5-B204678F8F5A" destination = "" extendedData = (null) faultCode = "Channel.Security.Error" faultDetail = "Destination: DefaultHTTP" faultString = "Security error accessing url" headers = (Object)#5 DSStatusCode = 0 messageId = "41D57F8F-9A99-5A20-0B96-B20467ABA5D7" rootCause = (flash.events::SecurityErrorEvent)#2 timestamp = 0 timeToLive = 0 messageId = "41D57F8F-9A99-5A20-0B96-B20467ABA5D7" statusCode = 0 target = (null) token = (mx.rpc::AsyncToken)#6 message = (mx.messaging.messages::HTTPRequestMessage)#7 body = "<se:Envelope xmlns:se="http://schemas.xmlsoap.org/soap/envelope/"><se:Header xmlns:sfns="urn:partner.soap.sforce.com"/><se:Body><query xmlns="urn:partner.soap.sforce.com" xmlns:ns1="sobject.partner.soap.sforce.com"><queryString>SELECT Id, Date__c, Weight__c, Resource__c, Project_Task__c,Project_Task__r.Name FROM VIV_Resource_Assignment__c WHERE Resource__c in () AND Date__c&gt;= 2009-11-09 AND Date__c&lt;=2009-11-15 ORDER BY Resource__c,Date__c ASC</queryString></query></se:Body></se:Envelope>" clientId = (null) contentType = "text/xml; charset=UTF-8" destination = "DefaultHTTP" headers = (Object)#8 DSEndpoint = "direct_http_channel" httpHeaders = (Object)#9 Accept = "text/xml" SOAPAction = """" X-Salesforce-No-500-SC = "true" messageId = "9E8ED072-B711-68C9-DAE5-B204678F8F5A" method = "POST" recordHeaders = false timestamp = 0 timeToLive = 0 url = "https://test.salesforce.com/services/Soap/u/14.0?1000.1537639200687" responders = (Array)#10 [0] (::SalesForceResponder)#11 result = (null) type = "fault"

 

Can somebody please tell me what to do? I feel like I am wasting my time building flex applications for the platform like this.

rajarakrajarak

I had the same issue with sandbox, did u try using these lines in login method of your flex app?

 

server_url = parameters.server_url;

session_id = parameters.session_id; 

 

can you provide your login method and connection tag?

 

bryanobryano

I could not figure out how to login to a sandbox environment with the Flex toolkit for the longest time.  What finally worked for me was to set the server url in the Connection object in MXML and NOT in the LoginRequest.

 

Here is a sample application that logs in to a sandbox:

<?xml version="1.0" encoding="utf-8"?>

<mx:Application 

    xmlns:mx="http://www.adobe.com/2006/mxml" 

    xmlns:sf="com.salesforce.*"

    layout="absolute" 

    creationComplete="login()">

    

    <mx:Script>

        <![CDATA[

            import com.salesforce.AsyncResponder;

            import mx.controls.Alert;

            import com.salesforce.results.Fault;

            import com.salesforce.results.LoginResult;

            import com.salesforce.objects.LoginRequest;

            

            private var _username:String = ""; // sandbox user

            private var _password:String = ""; // sandbox password

 

            private function login():void {

                var lr:LoginRequest = new LoginRequest()

                lr.username = _username;

                lr.password = _password;

                lr.callback = new AsyncResponder(loginSuccess, loginFault);

                apex.login(lr);

            }

            

            private function loginSuccess(result:LoginResult):void {

                Alert.show("success")

            }

            

            private function loginFault(result:Fault):void {

                Alert.show("failure")

            }

        ]]>

    </mx:Script>

 

    <sf:Connection id="apex" serverUrl="https://test.salesforce.com/services/Soap/u/17.0"/>

 

</mx:Application>


 

Message Edited by bryano on 11-05-2009 05:56 PM

Message Edited by bryano on 11-05-2009 06:05 PM
HarmpieHarmpie

Hi Rajarak.

 

Login routine:

private function init():void{ initVars(); var lr:LoginRequest = new LoginRequest(); lr.username = "<sandboxun>"; lr.password = "<somepass>"; lr.server_url = parameters.server_url; lr.session_id = parameters.session_id; //lr.server_url = "https://test.salesforce.com/services/Soap/u/17.0"; lr.callback = new AsyncResponder(loginHandler,handleSfFault); force.login(lr); }

(tried this routine with almost any line commented/uncommented). Also tried different API versions

 

Connection tag (also tried in many variants):

 

<salesforce:Connection id="force" serverUrl="https://test.salesforce.com/services/Soap/u/17.0" />

Error:

 

(com.salesforce.events::ApexFaultEvent)#0 bubbles = false cancelable = true context = (null) currentTarget = (null) eventPhase = 2 fault = (mx.rpc::Fault)#1 content = (null) errorID = 0 faultCode = "Channel.Security.Error" faultDetail = "Destination: DefaultHTTP" faultString = "Security error accessing url" message = "faultCode:Channel.Security.Error faultString:'Security error accessing url' faultDetail:'Destination: DefaultHTTP'" name = "Error" rootCause = (flash.events::SecurityErrorEvent)#2 bubbles = false cancelable = false currentTarget = (flash.net::URLLoader)#3 bytesLoaded = 0 bytesTotal = 0 data = (null) dataFormat = "text" eventPhase = 2 target = (flash.net::URLLoader)#3 text = "Error #2170" type = "securityError" headers = (null) message = (mx.messaging.messages::ErrorMessage)#4 body = (null) clientId = "DirectHTTPChannel0" correlationId = "126BE783-F6FA-F0EC-80D6-B21FFB4A1DC9" destination = "" extendedData = (null) faultCode = "Channel.Security.Error" faultDetail = "Destination: DefaultHTTP" faultString = "Security error accessing url" headers = (Object)#5 DSStatusCode = 0 messageId = "538A160F-254D-D67E-692C-B21FFDB1514F" rootCause = (flash.events::SecurityErrorEvent)#2 timestamp = 0 timeToLive = 0 messageId = "538A160F-254D-D67E-692C-B21FFDB1514F" statusCode = 0 target = (null) token = (mx.rpc::AsyncToken)#6 message = (mx.messaging.messages::HTTPRequestMessage)#7 body = "<se:Envelope xmlns:se="http://schemas.xmlsoap.org/soap/envelope/"><se:Header xmlns:sfns="urn:partner.soap.sforce.com"/><se:Body><login xmlns="urn:partner.soap.sforce.com" xmlns:ns1="sobject.partner.soap.sforce.com"><username>un</username><password>xxxxxxx</password></login></se:Body></se:Envelope>" clientId = (null) contentType = "text/xml; charset=UTF-8" destination = "DefaultHTTP" headers = (Object)#8 DSEndpoint = "direct_http_channel" httpHeaders = (Object)#9 Accept = "text/xml" SOAPAction = """" X-Salesforce-No-500-SC = "true" messageId = "126BE783-F6FA-F0EC-80D6-B21FFB4A1DC9" method = "POST" recordHeaders = false timestamp = 0 timeToLive = 0 url = "https://test.salesforce.com/services/Soap/u/14.0?1000.7715110806748" responders = (Array)#10 [0] (::SalesForceResponder)#11 result = (null) type = "fault"

 

Message Edited by Harmpie on 11-01-2009 03:57 PM
pedrovarela1590pedrovarela1590
IT IS NOVEMBER 2009.... THEY HAVENT UPDATE THEIR POLICY FILE.. I'M GETTING THIS ERROR... WHAT IS GOING ON WITH SALESFORCE.COM.. WE ARE PAYING A SERVICE.. WE NEED SOLUTIONS.. Warning: Domain www.salesforce.com does not explicitly specify a meta-policy, but Content-Type of policy file https://www.salesforce.com/crossdomain.xml is 'text/x-cross-domain-policy'. Applying meta-policy 'by-content-type'. Error: Request for resource at https://www.salesforce.com/services/Soap/u/15.0?1000.9192325132899 by requestor from http://sagitarius/flex/OEComponents.swf is denied due to lack of policy file permissions. *** Security Sandbox Violation *** Connection to https://www.salesforce.com/services/Soap/u/15.0?1000.9192325132899 halted - not permitted from http://sagitarius/flex/OEComponents.swf
pedrovarela1590pedrovarela1590
:smileymad: it doesn't work for me.
rajarakrajarak

Harmpie, 

 

Just one more option to try. In case of sandbox the issue is fixed.

 

<salesforce:Connection id="force" serverUrl="https://test.salesforce.com/services/Soap/u/14.0" protocol="https" /> 

 

 

private function init():void {

var lr:LoginRequest = new LoginRequest();

lr.username = "uname";

lr.password = "pwd";

 

if (this.parameters.server_url == null) {

force.serverUrl ="http://na5.salesforce.com/services/Soap/u/14.0";

}

lr.server_url = this.parameters.server_url;

lr.session_id = this.parameters.session_id;

lr.callback = new AsyncResponder(loginHandler,handleFault);

force.login(lr);

 

}

 

 

 

Message Edited by rajarak on 11-11-2009 01:24 PM
This was selected as the best answer
HarmpieHarmpie

Hi Rajarak,

 

Thanks for your feedback. I tried the solution.

 

First I tried this (Connection tag exactly as yours)

if (this.parameters.server_url == null) {

force.serverUrl ="http://na5.salesforce.com/services/Soap/u/14.0";

}

I receive a error now, that my login or security token is incorrect. This could very well be, because my sandbox is actually on cs2.

 

So I tried

if (this.parameters.server_url == null) {

force.serverUrl ="http://c2.salesforce.com/services/Soap/u/14.0";

}

 

No more login errors, but now, even inside flex, I receive this error:

(com.salesforce.results::Fault)#0
context = (null)
detail = (Object)#1
UnexpectedErrorFault = (Object)#2
exceptionCode = "UNSUPPORTED_CLIENT"
exceptionMessage = "HTTPS Required"
xsi:type = "sf:UnexpectedErrorFault"
faultcode = "sf:UNSUPPORTED_CLIENT"
faultstring = "UNSUPPORTED_CLIENT: HTTPS Required"

 

 

an error, which I have had before when trying different protocols, url etc.Then...suddenly I got very happy, as I remembered the setting in the security controls to only allow https! Thought the problem would be solved now! 

 

So unchecked the 'https required' and tried again.... it works!!! (In the flex builder that is)

 

Time for a test online (http://www.harmkorten.nl/flex/VIV_Planner_2.html) ... failllure :( A new error this time though, one I think i've seen before in this thread:

 

 

(com.salesforce.events::ApexFaultEvent)#0
bubbles = false
cancelable = true
context = (null)
currentTarget = (null)
eventPhase = 2
fault = (mx.rpc::Fault)#1
content = (null)
errorID = 0
faultCode = "Channel.Security.Error"
faultDetail = "Destination: DefaultHTTP"
faultString = "Security error accessing url"
message = "faultCode:Channel.Security.Error faultString:'Security error accessing url' faultDetail:'Destination: DefaultHTTP'"
name = "Error"
rootCause = (flash.events::SecurityErrorEvent)#2
bubbles = false
cancelable = false
currentTarget = (flash.net::URLLoader)#3
bytesLoaded = 0
bytesTotal = 0
data = (null)
dataFormat = "text"
eventPhase = 2
target = (flash.net::URLLoader)#3
text = "Error #2170: Security sandbox violation: http://www.harmkorten.nl/flex/VIV_Planner_2.swf cannot send HTTP headers to https://cs2-api.salesforce.com/services/Soap/u/14.0/00DR00000008CLA?1000.7266148291528."
type = "securityError"
headers = (null)
message = (mx.messaging.messages::ErrorMessage)#4
body = (null)
clientId = "DirectHTTPChannel0"
correlationId = "662898D2-44A2-FB5E-68B4-E4A9F33B5CA6"
destination = ""
extendedData = (null)
faultCode = "Channel.Security.Error"
faultDetail = "Destination: DefaultHTTP"
faultString = "Security error accessing url"
headers = (Object)#5
DSStatusCode = 0
messageId = "FF9DE558-D09C-0887-63EF-E4A9F9EA0508"
rootCause = (flash.events::SecurityErrorEvent)#2
timestamp = 0
timeToLive = 0
messageId = "FF9DE558-D09C-0887-63EF-E4A9F9EA0508"
statusCode = 0
target = (null)
token = (mx.rpc::AsyncToken)#6
message = (mx.messaging.messages::HTTPRequestMessage)#7
body = "<se:Envelope xmlns:se="http://schemas.xmlsoap.org/soap/envelope/"><se:Header xmlns:sfns="urn:partner.soap.sforce.com"><sfns:SessionHeader><sessionId>00DR00000008CLA!ARUAQBlnjZZIUd4yq2UzRm5P50abZ3uDrDkRbdJAewetoNrG96mdOGd2QSnVF06mVgVZ6n8Rqg00rFCy9_NGM0rpx95poDaw</sessionId></sfns:SessionHeader></se:Header><se:Body><query xmlns="urn:partner.soap.sforce.com" xmlns:ns1="sobject.partner.soap.sforce.com"><queryString>SELECT Id, Name, OpportunityLineItemId__c,VIV_Project__c,VIV_Project__r.Name, VIV_Project__r.Schedule_Planning__c, VIV_Project__r.Opportunity__c,VIV_Project__r.Opportunity__r.Name FROM VIV_Project_Task__c</queryString></query></se:Body></se:Envelope>"
clientId = (null)
contentType = "text/xml; charset=UTF-8"
destination = "DefaultHTTP"
headers = (Object)#8
DSEndpoint = "direct_http_channel"
httpHeaders = (Object)#9
Accept = "text/xml"
SOAPAction = """"
X-Salesforce-No-500-SC = "true"
messageId = "662898D2-44A2-FB5E-68B4-E4A9F33B5CA6"
method = "POST"
recordHeaders = false
timestamp = 0
timeToLive = 0
url = "https://cs2-api.salesforce.com/services/Soap/u/14.0/00DR00000008CLA?1000.7266148291528"
responders = (Array)#10
[0] (::SalesForceResponder)#11
result = (null)
type = "fault"(com.salesforce.events::ApexFaultEvent)#0
bubbles = false
cancelable = true
context = (null)
currentTarget = (null)
eventPhase = 2
fault = (mx.rpc::Fault)#1
content = (null)
errorID = 0
faultCode = "Channel.Security.Error"
faultDetail = "Destination: DefaultHTTP"
faultString = "Security error accessing url"
message = "faultCode:Channel.Security.Error faultString:'Security error accessing url' faultDetail:'Destination: DefaultHTTP'"
name = "Error"
rootCause = (flash.events::SecurityErrorEvent)#2
bubbles = false
cancelable = false
currentTarget = (flash.net::URLLoader)#3
bytesLoaded = 0
bytesTotal = 0
data = (null)
dataFormat = "text"
eventPhase = 2
target = (flash.net::URLLoader)#3
text = "Error #2170: Security sandbox violation: http://www.harmkorten.nl/flex/VIV_Planner_2.swf cannot send HTTP headers to https://cs2-api.salesforce.com/services/Soap/u/14.0/00DR00000008CLA?1000.5822666748427."
type = "securityError"
headers = (null)
message = (mx.messaging.messages::ErrorMessage)#4
body = (null)
clientId = "DirectHTTPChannel0"
correlationId = "5EA262D6-489B-EAE5-AC61-E4A9F33B3F83"
destination = ""
extendedData = (null)
faultCode = "Channel.Security.Error"
faultDetail = "Destination: DefaultHTTP"
faultString = "Security error accessing url"
headers = (Object)#5
DSStatusCode = 0
messageId = "2AF19926-8FA3-83E2-800F-E4A9F9F01EA6"
rootCause = (flash.events::SecurityErrorEvent)#2
timestamp = 0
timeToLive = 0
messageId = "2AF19926-8FA3-83E2-800F-E4A9F9F01EA6"
statusCode = 0
target = (null)
token = (mx.rpc::AsyncToken)#6
message = (mx.messaging.messages::HTTPRequestMessage)#7
body = "<se:Envelope xmlns:se="http://schemas.xmlsoap.org/soap/envelope/"><se:Header xmlns:sfns="urn:partner.soap.sforce.com"><sfns:SessionHeader><sessionId>00DR00000008CLA!ARUAQBlnjZZIUd4yq2UzRm5P50abZ3uDrDkRbdJAewetoNrG96mdOGd2QSnVF06mVgVZ6n8Rqg00rFCy9_NGM0rpx95poDaw</sessionId></sfns:SessionHeader></se:Header><se:Body><query xmlns="urn:partner.soap.sforce.com" xmlns:ns1="sobject.partner.soap.sforce.com"><queryString>SELECT Id, Name FROM VIV_Resource__c</queryString></query></se:Body></se:Envelope>"
clientId = (null)
contentType = "text/xml; charset=UTF-8"
destination = "DefaultHTTP"
headers = (Object)#8
DSEndpoint = "direct_http_channel"
httpHeaders = (Object)#9
Accept = "text/xml"
SOAPAction = """"
X-Salesforce-No-500-SC = "true"
messageId = "5EA262D6-489B-EAE5-AC61-E4A9F33B3F83"
method = "POST"
recordHeaders = false
timestamp = 0
timeToLive = 0
url = "https://cs2-api.salesforce.com/services/Soap/u/14.0/00DR00000008CLA?1000.5822666748427"
responders = (Array)#10
[0] (::SalesForceResponder)#11
result = (null)
type = "fault"

 

 

 

.... well, the login did go right this time!

 

Anyone got a fix for this 1, or is it simply impossible to run a flash integration from an external site?

 

I also put the swf inside a visual force page on the sandbox now, and there it does work. So Rajarak, thanks for fixing that!

Message Edited by Harmpie on 11-11-2009 11:28 AM
pedrovarela1590pedrovarela1590

I found the solution to all of this problems, I post how to solve it here: Re: Can you use flex and develop locally on a domain, without having https?

 

If you can't see it, here is how

 

:smileyhappy: yes!!!!

 

This problem can be solved like this.. 

 

1. Go to your salesforce settings https://na6.salesforce.com/help/doc/en/admin_sessions.htm

2. Or read this first. https://na6.salesforce.com/help/doc/en/admin_sessions.htm

3. Uncheck where says Require secure connections (HTTPS) (If your application isn't in a secure enviroment uncheck it, otherwise if you app is in some address like https://www.yourapp.com let it checked)

4. On your MXML tag <salesforce:Connection id="force"  serverUrl="http://www.salesforce.com/services/Soap/u/10.0" protocol="http"/>  this is to make sure we is http request

 

5. And that's it!!! :smileyvery-happy:  When you try again won't have any problem, Just some warnings in your console, but it doesn't matter

Accepted Solution
Accepted Solution
11-10-2009 12:01 PM
DavidsuDavidsu

Hi,

 

I have followed everything here, but still could not login to salesforce. This is the error.

 

Error #2170: Security sandbox violation: http://192.168. 1.113:8080/ yfiles-flex/ sf/salesforce. swf cannot send HTTP headers to http://test. salesforce. com/services/ Soap/u/16. 0?1000.783619642 2577

 

 

I have followed all the steps here:

1. Go to your salesforce settings https://na6.salesforce.com/help/doc/en/admin_sessions.htm

2. Or read this first. https://na6.salesforce.com/help/doc/en/admin_sessions.htm

3. Uncheck where says Require secure connections (HTTPS) (If your application isn't in a secure enviroment uncheck it, otherwise if you app is in some address like https://www.yourapp.com let it checked)

4. On your MXML tag <salesforce:Connection id="force"  serverUrl="http://www.salesforce.com/services/Soap/u/10.0" protocol="http"/>  this is to make sure we is http request

 

Any help to solve this appreciated.

 

Can you pass me your force-flex.swc to jeyathilak@yahoo.com?

 

Thank you
David.