web services - AS3 + HTTP GET doesn't work

Question

I have a project in Flash and I use a webserver with some data. I read that information (json) with:

var url:String = "URL REQUEST";
var request:URLRequest = new URLRequest(url);
var loader:URLLoader = new URLLoader();
loader.load(request);

and I use that information in a TextField. This works fine and show my data properly. But, when I publish my work or open the file .swf doesn't show the data.

Inside the Adobe Flash works fine. Outside doesn't work.

I have a raspberry pi with a service in nodeJS running. The door is open in the router.

My nodeJS

var express = require('express');
var bodyParser = require('body-parser');
var app = express();
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended:true}));
const port = process.env.PORT || 3001;
const SERVER_ROOT = "http://localhost:" + port;
var messages =  {};
messages["a1"] = blablabla;
--
messages["n"] = blablabla;
function buildMessage(newID, text, user){
const now = new Date();
return {

    };
};
app.route("/message") 
.get(function(req, res) {
    res.header("Access-Control-Allow-Origin", "*");
    res.header("Access-Control-Allow-Headers", "X-Requested-With");

    res.json(messages);
});
app.param('messageID', function(req, res, next, messageID){
req.messageID = messageID;
return next();
})
app.listen(port, function() {
console.log("Listening on " + port);
});

Answer 1

This is a classic security error which is fired when an swf try to load content in another domain other than its own and didn't has authorization to do that. So to avoid this type of security error, you have to create a crossdomain.xml file at the root of the server from where you want to load data. To more understand things, take a look on this schema ( taken, and edited, from Adobe Cross Domain Policy File) :

So in this case, to allow an swf file in a.com to load data from b.com, we have to add a crossdomain.xml file in the root of b.com, so we can access to it using b.com/crossdomain.com. For the content of this file and more details about it, you can see the link above of the crossdomain specification. It can be like this :

<?xml version="1.0"?>
<cross-domain-policy>
    <!-- if used alone, allow only all a.com requests but not its sub-domains -->
    <allow-access-from domain="a.com"/>
    <!-- if used alone, allow all a.com sub-domains and a.com requests -->
    <allow-access-from domain="*.a.com"/>
    <!-- if used alone, allow only b.a.com sub-domain requests -->
    <allow-access-from domain="b.a.com"/>
</cross-domain-policy>

I hope all this can help you to resolve your problem.