> 1) Are wildcards allowed in policy files? > > When I send the following text (+ a trailing 0-byte): > > <cross-domain-policy> > <allow-access-from domain="*.preferans.de" to-ports="8080"/> > <allow-access-from domain="172.16.6.*" to-ports="8080"/> > </cross-domain-policy> > > then I get: > > OK: Root-level SWF loaded: http://172.16.6.45/Pref.swf > OK: Searching for <allow-access-from> in policy files to authorize > data loading from resource at xmlsocket://172.16.6.45:8080 by > requestor from http://172.16.6.45/Pref.swf > Warning: Ignoring invalid <allow-access-from> tag for domain > '172.16.6.*' in policy file at xmlsocket://172.16.6.45:8080 > OK: Policy file accepted: xmlsocket://172.16.6.45:8080 > Error: SWF from http://172.16.6.45/Pref.swf may not connect to a > socket in its own domain without a policy file. See > http://www.adobe.com/go/strict_policy_files to fix this problem. > > But when I remove the asterisk in the 2nd line: > > <cross-domain-policy> > <allow-access-from domain="*.preferans.de" to-ports="8080"/> > <allow-access-from domain="172.16.6.45" to-ports="8080"/> > </cross-domain-policy> > > OK: Root-level SWF loaded: http://172.16.6.45/Pref.swf > OK: Searching for <allow-access-from> in policy files to authorize > data loading from resource at xmlsocket://172.16.6.45:8080 by > requestor from http://172.16.6.45/Pref.swf > OK: Policy file accepted: xmlsocket://172.16.6.45:8080 > OK: Request for resource at xmlsocket://172.16.6.45:8080 by requestor > from http://172.16.6.45/Pref.swf is permitted due to policy file at > xmlsocket://172.16.6.45:8080 > > (what about "*.preferans.de"? Is it valid and > will it match www.preferans.de and preferans.de?)
The first one (*.preferans.de) is valid and will match both, I think, but if you specify an IP address it must be an exact match - asterisks aren't allowed for IP addresses. > 2) Also http://www.adobe.com/go/strict_policy_files > says the incoming request should be > <policy-file-request /> with a trailing 0, > but I get <policy-file-request/> with a 0 byte > (i.e. without the space before "/>") I would expect those to be identical, in the sense that they're both equivalent "expressions" in XML. The cross-domain policy specification doesn't include a leading space before the closing slash. > 3) And finally I'm still not clear about when > <policy-file-request/> + 0 byte is being sent? > At the very beginning? And is the socket connection > closed a reopened afterwards? > Or is the connection kept opened? > > The Adobe doc is confusing, they don't > even list an example policy file for sockets. > They also don't have a process diagram. This is the document you want to read: http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! _______________________________________________ Flashcoders mailing list [email protected] http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
