Uncaught Exception: Permission denied to call method to Location.toString

You may have noticed recently that some Flash applications (maybe yours) are not connecting to retrieve remote content anymore. If you're running FireFox, you are getting this cryptic message in the error console: "Uncaught exception: Permission denied to call method to Location.toString". Only some users are getting this error and others aren't.

What's going on here? As it turns out, there was a Flash security update between version Flash 9.0.115.0 and 9.0.124.0 that changed the behavior of the crossdomain security policy file. A number of changes have been made that potentially break things but one of note here is that arbitrary headers can not be sent anymore from a remote domain unless you specify a security policy to do so. How do I do this? Thankfully, it's an easy one line fix in your crossdomain.xml file.

Before:

<cross-domain-policy>
	<site-control permitted-cross-domain-policies="all"/>
	<allow-access-from domain="*" />
</cross-domain-policy>

After:

<cross-domain-policy>
	<site-control permitted-cross-domain-policies="all"/>
	<allow-access-from domain="*" />
	<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

For more information on the new allow-http-request-headers-from tag go to Adobe's TechNote page on arbitrary headers not being sent