I'm still getting a security sandbox error when the swf tries to get data via https. What am I doing wrong here?
The swf is loaded via http at http://stage.example.com/media/swf/game.swf The credit card data is Loaded/sent via https at https://stage.example.com/game/direct_payment Policy File 1 is here: http://stage.example.com/crossdomain.xml Policy file 2 is here: http://stage.example.com/game/crossdomain.xml: Policy File 1: <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE cross-domain-policy SYSTEM 'http://www.adobe.com/xml/dtds/cross-domain-policy.dtd'> <cross-domain-policy> <site-control permitted-cross-domain-policies="all"/> <allow-access-from domain="*"/> </cross-domain-policy> Policy file 2: <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE cross-domain-policy SYSTEM 'http://www.adobe.com/xml/dtds/cross-domain-policy.dtd'> <cross-domain-policy> <allow-access-from domain="*.example.com" secure="false"/> </cross-domain-policy> Here's my policyfiles.txt log OK: Root-level SWF loaded: http://stage.example.com/media/swf/game.swf OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at https://stage.example.com/game/direct_payment by requestor from http://stage.example.com/media/swf/game.swf OK: Policy file accepted: https://stage.example.com/crossdomain.xml Error: Request for resource at https://stage.example.com/game/direct_payment by requestor from http://stage.example.com/media/swf/game.swf is denied due to lack of policy file permissions. Thanks! --- On Wed, 1/13/10, Glen Pike <postmas...@glenpike.co.uk> wrote: > From: Glen Pike <postmas...@glenpike.co.uk> > Subject: Re: [Flashcoders] Crossdomain.xml, shared hosting, https, oh my! > To: "Flash Coders List" <flashcoders@chattyfig.figleaf.com> > Date: Wednesday, January 13, 2010, 7:07 PM > Hi, > > I think you need to add in the > secure="false" and make sure that is the cross domain file > served from the https connection on the server.. > > http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html#allow-access-from-secure > > e.g. > > <allow-access-from domain="http://stage.example.com"; secure="false"/> > > Not sure about policy file logging - managed on Linux, but > never tried on Mac. You need to run the Debug player > to get it to log though. > > Also, if you are using https, watch out > for www. vs non-www - the SSL certificates sometimes don't > cover both these domain names, so you may have to ensure > your clients always get redirected to the dubs or non-dubs > one, point Firefox at https://www.blah and https://blah and see > if it chucks a security exception. If this happens, > you could serve the swf over https and redirect requests for > http to https with mod_rewrite in an .htacess file. > > HTH > > Glen > > > > Steven Loe wrote: > > Okay I've gotten the server folks to allow me to serve > my own crossdomain.xml file. How do I craft a crossdomain > policy file that will allow the swf (served via http) to > access data served via https within the same domain? > > Here's my error: > > 2048: Security sandbox violation: http://example.com/media/swf/game.swf > > cannot load data > from https://example.com/secure/game/direct_payment. > > > > I've tried this: <?xml version="1.0" > encoding="utf-8"?> > > <!DOCTYPE cross-domain-policy > > SYSTEM 'http://www.adobe.com/xml/dtds/cross-domain-policy.dtd'> > > <cross-domain-policy> > > <allow-access-from > domain="*"/> > > </cross-domain-policy> > > > > I've also tried this: > > <?xml version="1.0"?> > > <!DOCTYPE cross-domain-policy SYSTEM > > "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd";> > > <cross-domain-policy> > > <site-control > permitted-cross-domain-policies="all"/> > > <allow-access-from > domain="www.example.com"/> > > <allow-access-from > domain="example.com"/> > > <allow-access-from > domain="stage.example.com"/> > > <allow-access-from > domain="www.stage.example.com"/> > > <allow-access-from > domain="stage.example.com"/> > > <allow-access-from domain="http://stage.example.com"/> > > <allow-access-from domain="http://www.stage.example.com"/> > > <allow-access-from domain="https://stage.example.com"/> > > <allow-access-from domain="https://www.stage.example.com"/> > > <allow-access-from domain="http://example.com"/> > > <allow-access-from domain="http://www.example.com"/> > > <allow-access-from domain="https://example.com"/> > > <allow-access-from domain="https://www.example.com"/> > > </cross-domain-policy> > > > > > > Neither work. I've tried placing the policy file at > root and in the /game folder. No Luck. Any ideas as to what > I'm doing wrong here? > > > > Also, has anyone had luck getting policy file logging > to work on osx? I've followed adobe's recipe but there seems > to be no policyfiles.txt log file on my machine. > > > > thanks > > > > _______________________________________________ > > Flashcoders mailing list > > Flashcoders@chattyfig.figleaf.com > > http://chattyfig.figleaf.com/mailman/listinfo/flashcoders > > > > > > -- > Glen Pike > 01326 218440 > www.glenpike.co.uk <http://www.glenpike.co.uk> > > _______________________________________________ > Flashcoders mailing list > Flashcoders@chattyfig.figleaf.com > http://chattyfig.figleaf.com/mailman/listinfo/flashcoders > _______________________________________________ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
