This error just started popping up all over our site.
Permission denied to call method to Location.toString
I'm seeing google posts that suggest that this is related to flash and our crossdomain.xml. What caused this to occur and how do you fix?
This error just started popping up all over our site.
Permission denied to call method to Location.toString
I'm seeing google posts that suggest that this is related to flash and our crossdomain.xml. What caused this to occur and how do you fix?
Share Improve this question asked Aug 27, 2008 at 16:02 Kevin GoffKevin Goff 1,3311 gold badge13 silver badges18 bronze badges4 Answers
Reset to default 9Are you using javascript to municate between frames/iframes which point to different domains? This is not permitted by the JS "same origin/domain" security policy. Ie, if you have
<iframe name="foo" src="foo./script.js">
<iframe name="bar" src="bar./script.js">
And the script on bar. tries to access window["foo"].Location.toString, you will get this (or similar) exceptions. Please also note that the same origin policy can also kick in if you have content from different subdomains. Here you can find a short and to the point explanation of it with examples.
You may have e across this posting, but it appears that a flash security update changed the behaviour of the crossdomain.xml, requiring you to specify a security policy to allow arbitrary headers to be sent from a remote domain. The Adobe knowledge base article (also referenced in the original post) is here.
This post suggests that there is one line that needs to be added to the crossdomain.xml file.
<allow-http-request-headers-from domain="*" headers="*"/>
This likely causeed by a change made in the Flash Player version released in early April, I'm not too sure about the specifics, but I assume there were security concerns with this functionality.
What you need to do is indeed add that to your crossdomain.xml (which should be in your servers webroot)
You can read more here: http://www.adobe./devnet/flashplayer/articles/flash_player9_security_update.html
A typical example of a crossdomain.xml is twitters, more info about how the file works can be found here.