The Flash security sandbox has been around for a while so you'd think we'd seen all the errors. When firefox started reporting an "error calling method on NPObject," I was surprised to find Google didn't drop the answer at my feet. No, this took a bit more exploring to figure out.
Error calling method on NPObject
When this error pops up, it's not because the function isn't there. Otherwise you'd get a message like "flashMovie.myFunc is not a function." When this happens it means the function is defined but for some reason Flash doesn't think you should be calling it.
Now with the security sandboxes this could be for a number of different reasons.
- Local content trying to access the internet
- Internet content trying to access local content
- Content from one domain trying to access content from another
I'd started hosting my SWFs on a different domain so my problem was definitely the latter. Creating a crossdomain.xml policy file on both domains didn't solve the problem, either. It turns out you have to add a couple lines right inside your SWF file to allow cross-domain scripting.
import flash.system.Security; Security.allowDomain('otherdomain.com');
That's it. Now, no matter which domain hosts the SWF, you can still communicate with it from otherdomain.com.
I just wish the error message could be a little less mysterious is all.