Thanks Charlie - checking to ensure the crossdomain.xml file was being loaded was our first order of business. We confirmed with the IIS logs that it was being loaded and did some preliminary testing by loading the website using the server's IP address rather than domain name. Since the requesting url (IP address) didn't match flex's remote object call (fully qualified domain), it wouldn't work w/o the proper crossdomain.xml file.
We had a few issues getting a client proxy tool setup, but I think that had more to do with our convoluted configuration than anything. Finally, I researched and found how to turn debugging on for the Flashplayer to see if we could find out a bit more of what was going on from the client side. It was the error messages there that made us realize the issue where the SWF was compiled with the Remote location that was not being resolved externally. So while the crossdomain.xml was an issue, it wasn't the entire issue. It also brings to mind some interesting possible issues for future deployments due to how applications are deployed in our specific environment. Thanks again to all for getting us pointed in the right direction. Dawn On Sat, Mar 27, 2010 at 3:49 PM, Charlie Arehart <[email protected]>wrote: > Dawn, I can’t tell if you (or others) saw my original note in reply to > your question, offered Thursday when you sent the note. My first point was, > “You should confirm first that that file is indeed being requested on the > server.” I also indicated how to check that, and made the similar > suggestion to Doug that a client proxy tool could have helped if it wasn’t > obvious just from your attempting a browser request for the file (which was > another suggestion I’d made). > > I’m just saying all this as much to make sure that others realize that this > challenge with the crossdomain.xml files isn’t quite that unique. It’s not > what most tend to think of first, but it’s always worth ruling out first. > :-) > > > > /charlie > > > > *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Dawn > Hoagland > *Sent:* Friday, March 26, 2010 6:17 PM > *To:* [email protected] > *Subject:* Re: [ACFUG Discuss] Flex, Flash Security and crossdomain.xml > > > > Just thought I'd update. > > After lots of digging - and tracing Flash player debug info - it turns out > it's a completely different issue (after a fashion). The SWF is loading > correctly, but the URL to "https://dev.company1.org/flex2gateway/'" isn't > visible externally. So, indeed it couldn't load the gateway config. There > was still a sandbox violation occurring because the REMOTE was trying to go > to a different server - and that had to be resolved before the true issue > hit me on the head - but part of the reason I couldn't get it to work is > that both issues threw the exact same error message in the Flash player. It > wasn't until I traced it that I noticed something was slightly different > with the crossdomain.xml properly set. > > This opens a completely different can of worms concerning what's wrong, how > to fix it and implications of how some of these apps are/will be deployed. > > For future reference, if you include "allow-http-request-headers-from" in > your crossdomain.xml file, you need to use domain names. If you remove that > property (just setting the "allow-access-from"), setting domain="*" works > and gives you a good start for troubleshooting..... > > Thanks for pointing me in the right direction! > > Dawn > > > > On Thu, Mar 25, 2010 at 3:21 PM, Dawn Hoagland <[email protected]> > wrote: > > I absolutely agree with all of you. We'll get it locked up tight - once we > get it working. I don't have direct access to the server so I'm working > with several people resolving the issue. > > I'll post back once we get it fixed with the resolution (it may help > someone else having the same issue). > > Thanks again! > > Dawn > > > > > > On Thu, Mar 25, 2010 at 2:18 PM, Douglas Knudsen <[email protected]> > wrote: > > couldn't agree more with Dean here, lock that thing up. > > > > http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html > > This is a good ref on the topic. > > > > Also, I'd get Service Capture and verify that your SWF is indeed loading > the proper crossdomain.xml file as well as other traffic. > > > > Douglas Knudsen > > [email protected] > > > > > > > > On Mar 25, 2010, at 11:41 AM, Dean H. Saxe wrote: > > > > FYI, opening up the cross domain policy to all sites is > doubleplusungood. (Sorry for the 1984 reference!) Lock it down to > the specific sites which need cross domain access, no more. > > -dhs > > -- > Dean H. Saxe > "A true conservationist is a person who knows that the world is not > given by his fathers, but borrowed from his children." -- John James > Audubon > > > > On Thu, Mar 25, 2010 at 7:39 AM, Robert Lash <[email protected]> wrote: > > Have you tested this with one domain or a static domain address? > > You might want to try that first to isolate the issues. > > > > I actually never got a crossdomain policy to work with the "*" all > settings > > but was successful with static domain names. > > Robert Lash > > > > > > On Wed, Mar 24, 2010 at 4:05 PM, Dawn Hoagland <[email protected]> > > wrote: > > > > Background: > > We are running ColdFusion8 in a multi-server configuration under IIS. > We > > have an application where we are attempting to allow our customer access > > through a proxy server. The domain of our internal server (for > discussion > > sake) is dev.company1.org. The domain they are coming from is > > test.company2.com. > > > > We receive the following error: > > Channel.Security.Error error Error #2048: Security sandbox violation: > > https://test.company2.com/system/app/bin/index.swf cannot load data from > > https://dev.company1.org/flex2gateway/. url: > > 'https://dev.company1.org/flex2gateway/' > > > > All of my searches point to needing to add a crossdomain.xml policy > file. > > I've created one (see below) that should allow any connection and placed > it > > at the web root. > > > > Am I missing something completely? > > > > ----- begin crossdomain.xml ----- > > <?xml version="1.0" encoding="UTF-8"?> > > <!DOCTYPE cross-domain-policy SYSTEM > > "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd";> > > <cross-domain-policy> > > <allow-access-from domain="*" secure="false" /> > > <allow-http-request-headers-from domain="*" headers="*" > secure="false" > > /> > > </cross-domain-policy> > > ---- end crossdomain.xml --- > > > > Thanks! > > > > Dawn > > > > > > > > ------------------------------------------------------------- > To unsubscribe from this list, manage your profile @ > > http://www.acfug.org?fa=login.edituserform > > > > For more info, see http://www.acfug.org/mailinglists > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by http://www.fusionlink.com > ------------------------------------------------------------- > > > > > > > > > ------------------------------------------------------------- > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by FusionLink <http://www.fusionlink.com> > -------------------------------------------------------------
