Security error accessing url

[RPC Fault faultString=”Security error accessing url” faultCode=”Channel.Security.Error” faultDetail=”Destination: DefaultHTTP”]

By default the Flash Player allows your site to retrieve data from your domain only. However, when developing with Flash tools, you’ll notice that you can point to and pull in data from anywhere. This is because the Flash software grants you special permission for testing purposes. When you put your site on a server “localhost” or “”, the Flash Player places a security sandbox around it and displays this error when you reach outside of it.

So for example if your Flash site is uploaded to and it makes a call to then an error is thrown because and are two different domains. If maps.php was on in the same directory as your Flash site then because both resources are on the same domain, you are allowed access to the resources there.

<!-- SWF is on Correct - Look at url. -->
< mx:HTTPService url="" />

<!-- SWF is on INCORRECT. Look at url. -->
< mx:HTTPService url="" />

Note: The following URL’s, “; and “; are two different domains according to the Flash Player. This includes subdomains. You may want to redirect calls from, “” to “” or vice versa. Your domain may have an option like this:

How do you like the www in your URL?
– Both and work.
– Add “www.” if somebody goes to
– Remove “www.” if somebody goes to


• Add a cross domain policy file on the domain you are calling. Your swf can access resources on other domains if the other domain grants your permission. They do this through a cross-domain file. This is a simple xml file on the other domain (yes, they have to set it up) that says what domains can access what content. Some sites already have cross-domain policy files setup. Here is an example. More info here…

• Using a proxy page. You place the proxy page on your site and then you call it. It then gets the remote sites page and passes that back to your page on your server. There are numerous examples online. Here is one…

• Grant the swf permission to access remote sites via the Flash Player Global Security Settings. You can change the security sandbox setting on a file or folder manually. This is useful if you are testing a SWF locally and want to grant it permission to pull data from a remote domain. To do this, open the SWF in the browser. Right click on the SWF and choose settings. In the Security tab (default) choose Advanced. This will take you to a site that displays the Flash Player’s settings. On the left column choose Global Settings and then add the file or folder of the swf you are testing. Typically this will be something like, “c:/projects/flex/bin-debug/”, “users/judah/documents/flex/bin-debug/” or “http://localhost/&#8221;. From now on your swf can access data on sites it’s not hosted on but remember this solution only grants that specific directory or file on your computer access to remote sites. This change doesn’t affect anyone other computer than your own. You will still need to employ another solution listed here.

• Set checkPolicyFile to false (for images). More info here, and

More info can be found here:

Please reply in the comments below if this helped you or not. You can also use the Error Lookup Tool to look up Flex compiler or runtime errors.

Security error accessing url

24 thoughts on “Security error accessing url

  1. Hi All,

    Indeed i am getting the same error. My application both flex3.0 and Java are hosted on a webserver which is remote. When i try to access from my local machine it gives me a security exception. I have added the cross domain file on the hosting server but still it doesn’t work.

    If any one has any solution please post it.


    1. mahesh says:

      u have to add accessible dirs in this file


      currently where ur flex project is running…like..this



  2. Sudhir Chauhan says:

    There is a one simple solution for this problem.

    you must add secure=”false” with the URL else IE make this true by default for more detail just access the crossdomain URL on IE.


  3. Nick says:

    I Have a problem with a Flex app displaying a data grid with info from mysql database. The Flex app runs as a swf file inside a PHP based site . The problem occurs only in IE which does not display the Flex App at all while FireFox & OPera work correctly.

    I tried the secure=”false” in the crossdomail.xml but it didn’t work.

    I would be obliged if someone could help me with this issue.

    Thank you very much


  4. Øivind says:

    I’ve got a problem loading a webservice when running my project from a different webserver than localhost.

    In Flex i get this error message:
    Error: Request for resource at http://localhost:37813/serviceName.svc? by requestor from http://myDomain/serviceName/bin/my.swf/%5B%5BDYNAMIC%5D%5D/3 is denied due to lack of policy file permissions.

    *** Security Sandbox Violation ***
    Connection to http://localhost:37813/serviceName.svc? halted – not permitted from http://myDomain/serviceName/bin/jasminMediaBrowser.swf

    My crossdomain.xml file on the webserver hosting the webservice:

    So what could be the problem here?


  5. Øivind says:

    And here it comes 😉
    site-control permitted-cross-domain-policies=”all”
    allow-access-from domain=”*” to-ports=”*”
    allow-http-request-headers-from domain=”*” headers=”*”


  6. mitek17 says:

    Hi Judah,

    Actually I found another cause of that particular problem.
    Looking at the policyfiles.txt showed that Flash Player can’t download the crossdomain.xml file.
    When I tried to download it manually via the browser, the browser showed that SSL certificate is invalid. So, as soon as I fixed the cerificate, this error has gone.

    More strangely, that this problem was appearing ONLY on Windows, all Mac & Linux machine worked fine.

    Hope this could help.


  7. Tavo says:

    @Øivind your crossdomain works for me, thanks. I dont know what’s your problem but maybe you must check the permissions for files on server.
    Thanks to author of this post too.


  8. smauz says:

    Hi all,
    I’m trying to access a mail serverice ( from my swf application, on release server, but I have the following error:
    Error #2044: securityError non gestito:. text=Error #2048: Violazione della sicurezza sandbox: http://myserver/geoportale/viewers/MapViewerAd_v1_5/widgets/ImportData/ImportData.swf can’t load

    How I can solve this issue? I’ve already saved the crossdomain.xml in the server root directory.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s