Prior to the release of Flash Lite 3.1 I worked on a Flash-based WRT widget which loads external data. Adding a crossdomain policy file and publishing as 'access network only' was enough to work around the security sandbox. I'm now working on a similar widget but I'm having more difficulty with the security sandbox in the 3.1 player.
My SWF is embedded in a WRT widget wrapper, so it runs locally. Publish settings are set to Flash Lite 3.0 (widget needs to work with 3.0 and 3.1), ActionScript 2.0, access network only. I made a simple test file loading data via SWX on our test server. It works fine with Flash Lite player v3.0, but not with 3.1. I get a connection prompt, and the logs show a request to SWX and a response is sent, but I'm seeing a timeout event instead of a successful result. If I run the SWF from a trusted folder it receives the response from SWX no problem. This was enough to convince me that the sandbox is the problem.
I made a second test file to see whether I can load some external XML with the 3.1 player. I added a call to System.security.allowDomain passing "*" to allow all, and a call to System.security.loadPolicyFile passing the URL of the crossdomain file on the root. The SWF works when I run it from the messaging inbox (e.g. if I bluetooth the SWF to the device directly), however when embedded in the widget it displays without triggering a connection prompt. The AllowNetworkAccess key in the widget plist file is set to true, and I've set the allowNetworking parameter to "all" and allowScriptAccess to "always" in the embed code.
Can anyone see what I'm doing wrong here? I didn't expect to have this much difficulty just loading XML.