Flash returns a security error when we try to retrieve data from the My Space API:
Error #2048: Security sandbox violation:
http://ourdomain.com/ourpath/ourswf.swf cannot load data from
http://api.msappspace.com/opensocial-api-v1.svc/JSON/opensocial/VIEWER/friends?opensocial_token=big
long token&opensocial_mode=canvas&page=1&page_size=40."
The same code works in the Flash IDE and if we paste the link directly in the browser. The error occurs only when running the app in production connecting from our server to My Space. According to posts on the web and the Adobe documentation the crossdomain.xml file at api.msappspace.com would need to include http://ourdomain.com or have a public policy "*" to meet the requirements of the flash security model.
We do pass in the auth token and we've tried both XML, JSON, the AS3 lib by JE, and writing our own URLLoader. All exhibit the same pattern: works in IDE, and pasting link in browser, does not work in production.
How do we request to have our domain added to the crossdomain policy file?
thanks!