Re: [Flashcoders] Crossdomain.xml, shared hosting, https, oh my!

Wed, 13 Jan 2010 18:09:20 -0800 

Hi,
I think you need to add in the secure="false" and make sure that is the cross domain file served from the https connection on the server.. 


   
http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html#allow-access-from-secure


   e.g.

        <allow-access-from domain="http://stage.example.com"; secure="false"/>

 Not sure about policy file logging - managed on Linux, but never tried on Mac. 
 You need to run the Debug player to get it to log though.

        Also, if you are using https, watch out for www. vs non-www - the SSL 
certificates sometimes don't cover both these domain names, so you may have to 
ensure your clients always get redirected to the dubs or non-dubs one, point 
Firefox at https://www.blah and https://blah and see if it chucks a security 
exception.  If this happens, you could serve the swf over https and redirect 
requests for http to https with mod_rewrite in an .htacess file.
        
        HTH

Glen



  


Steven Loe wrote:

Okay I've gotten the server folks to allow me to serve my own crossdomain.xml file. How do I craft a crossdomain policy file that will allow the swf (served via http) to access data served via https within the same domain? 


Here's my error:
2048: Security sandbox violation: http://example.com/media/swf/game.swf cannot 
load data from https://example.com/secure/game/direct_payment.


I've tried this: 
<?xml version="1.0" encoding="utf-8"?>

<!DOCTYPE cross-domain-policy
  SYSTEM 'http://www.adobe.com/xml/dtds/cross-domain-policy.dtd'>
<cross-domain-policy>
        <allow-access-from domain="*"/>
</cross-domain-policy>

I've also tried this:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM 
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd";>
<cross-domain-policy>
        <site-control permitted-cross-domain-policies="all"/>
        <allow-access-from domain="www.example.com"/>
        <allow-access-from domain="example.com"/>
        <allow-access-from domain="stage.example.com"/>
        <allow-access-from domain="www.stage.example.com"/>
        <allow-access-from domain="stage.example.com"/>
        <allow-access-from domain="http://stage.example.com"/>
        <allow-access-from domain="http://www.stage.example.com"/>
        <allow-access-from domain="https://stage.example.com"/>
        <allow-access-from domain="https://www.stage.example.com"/>
        <allow-access-from domain="http://example.com"/>
        <allow-access-from domain="http://www.example.com"/>
        <allow-access-from domain="https://example.com"/>
        <allow-access-from domain="https://www.example.com"/>
</cross-domain-policy>


Neither work. I've tried placing the policy file at root and in the /game 
folder. No Luck. Any ideas as to what I'm doing wrong here?

Also, has anyone had luck getting policy file logging to work on osx? I've 
followed adobe's recipe but there seems to be no policyfiles.txt log file on my 
machine.

thanks

_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders


  


--

Glen Pike
01326 218440
www.glenpike.co.uk <http://www.glenpike.co.uk>

_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders






















					Reply via email to