You need to sign in to do that
Don't have an account?
simonjpalmer
Security Sandbox Error with Flex/Air 1.0 toolkit
I have been connecting to sf.com to read data for more than a year from my app and suddenly tonight it has stopped working.
I have the following exception (I have deliberately removed the username and password, but I have checked that they are correct and refer to the latest security token.
This was working fine erlier today and I have changed no code...
Method name is: login
'A997F86A-36E9-DDDC-EC6B-BBEE23101466' producer connected.
'A997F86A-36E9-DDDC-EC6B-BBEE23101466' producer sending message 'B89E5879-D7F7-E91E-2082-BBEE231054DD'
'direct_http_channel' channel sending message:
(mx.messaging.messages::HTTPRequestMessage)#0
body = "<se:Envelope xmlns:se="http://schemas.xmlsoap.org/soap/envelope/"><se:Header xmlns:sfns="urn:partner.soap.sforce.com"/><se:Body><login xmlns="urn:partner.soap.sforce.com" xmlns:ns1="sobject.partner.soap.sforce.com"><username>simon.palmer@*****.com</username><password>*****</password></login></se:Body></se:Envelope>"
clientId = (null)
contentType = "text/xml; charset=UTF-8"
destination = "DefaultHTTPS"
headers = (Object)#1
httpHeaders = (Object)#2
Accept = "text/xml"
SOAPAction = """"
X-Salesforce-No-500-SC = "true"
messageId = "B89E5879-D7F7-E91E-2082-BBEE231054DD"
method = "POST"
recordHeaders = false
timestamp = 0
timeToLive = 0
url = "https://www.salesforce.com/services/Soap/u/11.0"
Method name is: login
*** Security Sandbox Violation ***
Connection to https://www.salesforce.com/services/Soap/u/11.0 halted - not permitted from https://localhost/pm_server/pm/pm-debug.swf
'A997F86A-36E9-DDDC-EC6B-BBEE23101466' producer acknowledge of 'B89E5879-D7F7-E91E-2082-BBEE231054DD'.
'A997F86A-36E9-DDDC-EC6B-BBEE23101466' producer fault for 'B89E5879-D7F7-E91E-2082-BBEE231054DD'.
Comunication Error : Channel.Security.Error : Security error accessing url : Destination: DefaultHTTPS
Error: Request for resource at https://www.salesforce.com/services/Soap/u/11.0 by requestor from https://localhost/pm_server/pm/pm-debug.swf is denied due to lack of policy file permissions.
What has changed?
I have the following exception (I have deliberately removed the username and password, but I have checked that they are correct and refer to the latest security token.
This was working fine erlier today and I have changed no code...
Method name is: login
'A997F86A-36E9-DDDC-EC6B-BBEE23101466' producer connected.
'A997F86A-36E9-DDDC-EC6B-BBEE23101466' producer sending message 'B89E5879-D7F7-E91E-2082-BBEE231054DD'
'direct_http_channel' channel sending message:
(mx.messaging.messages::HTTPRequestMessage)#0
body = "<se:Envelope xmlns:se="http://schemas.xmlsoap.org/soap/envelope/"><se:Header xmlns:sfns="urn:partner.soap.sforce.com"/><se:Body><login xmlns="urn:partner.soap.sforce.com" xmlns:ns1="sobject.partner.soap.sforce.com"><username>simon.palmer@*****.com</username><password>*****</password></login></se:Body></se:Envelope>"
clientId = (null)
contentType = "text/xml; charset=UTF-8"
destination = "DefaultHTTPS"
headers = (Object)#1
httpHeaders = (Object)#2
Accept = "text/xml"
SOAPAction = """"
X-Salesforce-No-500-SC = "true"
messageId = "B89E5879-D7F7-E91E-2082-BBEE231054DD"
method = "POST"
recordHeaders = false
timestamp = 0
timeToLive = 0
url = "https://www.salesforce.com/services/Soap/u/11.0"
Method name is: login
*** Security Sandbox Violation ***
Connection to https://www.salesforce.com/services/Soap/u/11.0 halted - not permitted from https://localhost/pm_server/pm/pm-debug.swf
'A997F86A-36E9-DDDC-EC6B-BBEE23101466' producer acknowledge of 'B89E5879-D7F7-E91E-2082-BBEE231054DD'.
'A997F86A-36E9-DDDC-EC6B-BBEE23101466' producer fault for 'B89E5879-D7F7-E91E-2082-BBEE231054DD'.
Comunication Error : Channel.Security.Error : Security error accessing url : Destination: DefaultHTTPS
Error: Request for resource at https://www.salesforce.com/services/Soap/u/11.0 by requestor from https://localhost/pm_server/pm/pm-debug.swf is denied due to lack of policy file permissions.
What has changed?
I spoke with the product manager again yesterday and he has reopened the case. Hopefully it will be fixed soon.
Jeff Douglas
Informa Plc
blog.jeffdouglas.com
I immediately blamed my own code and account credentials, but having re-checked that nothing changed I am now sure that it is not them. I have reverted back to production code which has been working since February 2007 and that throws the same exception, so there must be something else.
First, there is a missing x-domain file at www.salesforce.com/service/Soap/u. This file is required to allow your flex application to set the appropriate required html headers for the SOAP messages. We have a fix in progress and expect resolution by early next week.
Still, even with that in place, there are other considerations that you have control over that affect accessibility to the platform. Specifically, if you are hosting your swf on a non-ssl enabled server (http), you must do two things to enable the toolkit. First, you need to set the "protocol" attribute of the connection object to "http" and set the server url to "http://www.salesforce.com/services/Soap/u/14.0". If you don't make this setting the toolkit will default back to ssl (https). Second, you will need to check to make sure that your salesforce.com instance is configured to allow non ssl connections. You can do this by going into Setup and under Administration Setup/SessionSettings verify that the check box next to "Require secure connections" is unchecked. When that box is checked, no matter what method you use to access the platform (web or api) you must us https.
The reason that you need to allow http connections if you are hosting from a non ssl site is because the flashplayer security will not allow mixed security (AFAIK).
Hope this helps.
Cheers
Jeff Douglas
Informa Plc
blog.jeffdouglas.com
It sounds to me more like the problem with the crossdomain security policy.
I'm intrigued to know why this has suddenly happened. Was there a change at the salesforce.com end? If yes, how do I keep abreast of such changes so I can avoid this in the future.
I now have no production environments working, a lot of upset customers and no firm date to tell them that it will be fixed. How do I escalate issues like this?
Hope this helps.