Hi,
I would suggest a workaround is to serve the swf from a secure url
too - that would reassure browsers that their details are secure - not
many people will check the status bar, they tend to look for the padlock
or the address bar - if that's got an https in, then they will be happy,
you are only stuffed if port 443 points to a different webserver, in
which case, I would change hosting providers for something more useful.
The cross-domain policy to serve https to http flash files needs to
have the secure attribute set to false:
<allow-access-from domain="www.company.com" secure="false" />
I am not sure about the ramifications of having * for the
cross-domain - it's not the end of the world, but there are some more
articles on the devnet if you need:
http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_05.html
HTH
Glen
Steven Loe wrote:
Adobe's documentation on this is not crystal clear (to me anyway). Hoping that
someone who's been down this road can point me in the right direction.
My app is hosted on a shared host (webFaction). The swfs are loaded over http.
The users credit card data is transmitted over https. All works fine in the
flash IDE. However, with the app running in a browser I get:
2048: Security sandbox violation: http://example.com/media/swf/game.swf cannot
load data from https://example.com/secure/game/direct_payment.
WebFaction serves a global crossdomain.xml file for all it's customers. I don't
have a way to change the policy file at server root. Here's their file:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE cross-domain-policy
SYSTEM 'http://www.adobe.com/xml/dtds/cross-domain-policy.dtd'>
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>
Questions:
1. Given the server configuration, how can I get around the security sandbox
error when I make a https call?
2. How bad (or not) is the resulting security created by the <allow-access-from domain="*"/>
Thanks very much
_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
--
Glen Pike
01326 218440
www.glenpike.co.uk <http://www.glenpike.co.uk>
_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders