+ Start a Discussion

Add crossdomain policy file to a Flex Application which connects to salesforce api



I am  developing a flex applicaiton which connects to the salesforce api. My problem is that Flex needs to have a crossdomain.xml file located on the salesforce server in order to be granted to access the salesforce domain otherwise I get a Sanbox cross domain errors.


I attempted to add the file as a static resource, but in order to access the static resource you actually need to login first and access it in https envirionment.


Has anyone found a work-around on this?


Thank you.


There's a pre-existing cross domain file at services/Soap/cross-domain.xml you need to tell flex to load that one, rather than trying to load the default one at /cross-domain.xml


Thank you Simon!!!!


I have been struggling with this error for days. I have only been requesting the /services/crossdomain.xml file all this time. My logins were successful, however my querys were not. As they were going to na2-api.salesforce.com, and flash had not gotten permission to do this yet. 


I could not find this anywhere in the documentation, guides, or tutorials, have I just been looking in the wrong places?




Did you ever figure out what to do?  I seem to be at the same place you were when you posted this. 


Hi Reba,


Yes I finally figured it out. I am not entirely sure if this is the absolute proper way to do it, but it works =)


So I have to load the x-domain file from /services/crossdomain.xml  in order to initiate the login request:

/* this x-domain file is needed for the login request */


Then I can actually call login.


Then in the asynch repsonder for a successful login, I extract what server I have been connected to.

This is usually http://na2-api.salesforce.com for me, the "North America 2" server, na2. I am unsure of how this distribution occurs so I did not want to have to hard code this server in. So in the successful login handler, I extract what server I have been connected to, and then specifically request their cross-domain file which is burried a few directories down.

I got th server address from ConnectionObject.serverUrl.  Mine looks like this:


But I want this file:



So I just extracted the server-prefix and slap on the cross domain file part and call Security.loadPolicyFile( http://na2-api.salesforce.com/services/Soap/cross-domain.xml );


Then I am allowed to make requests to na2-api.salesforce.com!


Hope this helps!