I am trying to enable communication between Javascript and Flash via ExternalInterface across domains. The Javascript works great when it is located on the same domain as the SWF. But in one case, the HTML resides on domain A, the javascript and the flash both reside on domain B. I have done all of the following:

• The embed tag has allowScriptAccess="always" (and the object has that as a param)
• My SWF file's actionscipt has Security.allowDomain("*")
• My SWF also calls Security.allowInsecureDomain("*")
• Both domain A and domain B have a /crossdomain.xml file which has allow-access-from domain="*"

The SWF is able to call javascript on the page, but when I use Javascript to call functions exposed by ExternalInterface, I get

Error calling method on NPObject! [plugin exception: Error in Actionscript. Use a try/catch block to find error.]

This is ActionScript 2 so ExternalInterface.marshallExceptions is not available.

You should only need two things for this to work:

1) allowscriptaccess=always will allow your swf to send stuff out to the page

2) System.security.allowDomain("yourhtmldomain.com");

Note that it's System.security.allowDomain() in AS2 - it's not the same as AS3 or what you have written above.

number 2 above allows the html page on domainA to call things in the swf on domainB.

The domain your js is hosted on won't matter here, since the browser embeds it on domainA, the script is executed in domainA.

crossdomain.xml is mainly only for loading remote files, which you aren't doing, so you can remove that if you like. (and you probably don't want to have a crossdomain.xml file with allow="*" sitting on your main domain, that's very bad practice)

Since you are loading multiple swfs, you may need to include the security settings in each of those swfs on domain B that are loaded.

You may also need a loader context with the appropriate security settings.

import flash.system.LoaderContext;
import flash.system.ApplicationDomain;
import flash.system.Security;
import flash.system.SecurityDomain;
import flash.net.URLRequest;
import flash.net.URLLoader;

var context:LoaderContext = new LoaderContext(true, ApplicationDomain.currentDomain, (Security.sandboxType == Security.REMOTE) ? SecurityDomain.currentDomain : null);
var l:Loader = new Loader();
l.load(new URLRequest("http://example.com/myswf.swf"), context);

for me a few reason was (i'm using uploadify):

http server haven't permission to write file to destination swfobject (flash) haven't cross domain access

solution: object tag in html must have allowScriptAccess="always" it can be done by set param like

$('#file_upload').uploadifySettings('scriptAccess', 'always')
than flash object must have:
import flash.system.Security;
Security.allowDomain('remotedomain.com'); 

it can be done by compile source with this param, i have that, if you need it write to me with uploadify subject. Than Remote server, where flash include in the page, must have in the root crossdamoin.xml file with content like:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

I had this same problem (allowDomain etc. were good), but I send to flash bad parameter - just outputed JSON from ajax call. Problem gone, when I put that json in "", and then parse it into javascript object (via jQuery.parseJSON).

Using AS3 with Flash Player version 10 I could not get ExternalInterface.addCallback() to work correctly for testing locally. I finally got my local copy working by adding the parameter "allowNetworking" with a value of "all" (http://www.adobe.com/livedocs/flash/9.0/main/wwhelp/wwhimpl/common/html/wwhelp.htm?context=LiveDocs_Parts&file=00001079.html). Good luck to anyone struggling with this!

In my case, it was because I was modifying the DOM element containing the uploader div.

I used the jquery hide() function to hide the div containing the uploader, and when I realized that caused the above error, I tried a different approach where I set the "float" attribute of the div. In both cases, it broke the uploader.

FWIW, it appears that setting the width/height of the div containing the uploader to 0 does NOT make the error occur.