I ran into a very interesting Flash issue. I had a Flash form that was being hosted on Server A. It was submitting data to a PHP file on Server B, then receiving the results from that PHP file (whether the form was processed correctly). Server B had a crossdomain xml file set up, and I had my security permissions properly set up, but I kept getting a security error (Error #2048) no matter what I did. Needless to say, this was making me want to play with large-calibur weapons.
The solution lay in this well-hidden article on Adobe’s site. In essence, the article states that they’ve made Flash’s security settings even more strict, and that means that in some situations, you need to change things around in order to make sure that Flash will accept your policy file. I set my computer up with Flash 9 debugger version, set it up to log policy errors, and then looked at my policy file log which revealed the problem: Server B was returning the crossdomain xml file as Content-Type “application/x-httpd-php5-source”. With Flash 9′s newer, stricter settings, Flash 9 will only accept policy files of the following content-types:
- text/* (any text type)
- application/xml or application/xhtml+xml
As soon as we changed the crossdomain’s content-type, the Error #2048 went away and the form processed correctly!
So the upshot is that if you’re getting Error #2048 notices and you can’t get them to go away no matter what you try, follow the steps outlined on this page at Adobe. Once you’ve set your computer up to debug and log your policy files, you’ll be able to check and see if a policy file content-type problem is causing your troubles.