Skip to main content
Published: November 25 2007, 9:56:00 PMUpdated: November 28 2020, 4:03:42 PM

We are trying to use the Flex SDK in order to use eBay Trading API calls within a flash application, and our application is running fine in Flex environment. However; when we deploy the same code on a web server (localhost or in a remote web server such as: http://localhost:8080/xxxxxx/test.swf  ), we got the following error :


SecurityError: Error #2123: Security sandbox violation ...

What is the problem?

Summary 

   The reason for the error is that the secure attribute in <allow-access-from> is set to true in the eBay Trading API crossdomain policy file https://api.ebay.com/crossdomain.xml. As a result, the flex applications served over HTTP cannot access eBay Trading API HTTPS resources.  

  In genereal, for a Macromedia Flash movie (SWF file) to access a data service that hosted in the other domain ( http://otherdomain.com, for example),  a cross-domain policy file must be found in the root of the http://otherdomain.com web server.

  For example, crossdomain policy file http://open.api.ebay.com/crossdomain.xml  in eBay Shopping Web Service is defined as below, which allows the Flash Player to access the eBay  Shopping Web API from any given domains  . 

<?xml version="1.0" ?>

  <!DOCTYPE cross-domain-policy (View Source for full doctype...)>
   <cross-domain-policy>
  <allow-access-from domain="*" secure="true" />
  </cross-domain-policy>
 
 

    If  the secure property of the <cross-domain-policy> tag is set to true in a given data service that hosted in HTTPS, a  Flex application that is orginated or the SWF file that is embedded over HTTP is not allowed to access that HTTPS data service.

   More information regarding the topic can be found on Flex documents : Loading data across domains and Using HTTPS

How well did this answer your question?
Answers others found helpful