From: Glen Pike <postmas...@glenpike.co.uk>
Subject: Re: [Flashcoders] Crossdomain.xml, shared hosting, https,
oh my!
To: "Flash Coders List" <flashcoders@chattyfig.figleaf.com>
Date: Wednesday, January 13, 2010, 7:07 PM
Hi,
I think you need to add in the
secure="false" and make sure that is the cross domain file
served from the https connection on the server..
http://www.adobe.com/devnet/articles/
crossdomain_policy_file_spec.html#allow-access-from-secure
e.g.
<allow-access-from domain="http://stage.example.com"
secure="false"/>
Not sure about policy file logging - managed on Linux, but
never tried on Mac. You need to run the Debug player
to get it to log though.
Also, if you are using https, watch out
for www. vs non-www - the SSL certificates sometimes don't
cover both these domain names, so you may have to ensure
your clients always get redirected to the dubs or non-dubs
one, point Firefox at https://www.blah and https://blah and see
if it chucks a security exception. If this happens,
you could serve the swf over https and redirect requests for
http to https with mod_rewrite in an .htacess file.
HTH
Glen
Steven Loe wrote:
Okay I've gotten the server folks to allow me to serve
my own crossdomain.xml file. How do I craft a crossdomain
policy file that will allow the swf (served via http) to
access data served via https within the same domain?
Here's my error:
2048: Security sandbox violation: http://example.com/media/swf/
game.swf cannot load data
from https://example.com/secure/game/direct_payment.
I've tried this: <?xml version="1.0"
encoding="utf-8"?>
<!DOCTYPE cross-domain-policy
SYSTEM 'http://www.adobe.com/xml/dtds/cross-domain-policy.dtd'>
<cross-domain-policy>
<allow-access-from
domain="*"/>
</cross-domain-policy>
I've also tried this:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/
dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control
permitted-cross-domain-policies="all"/>
<allow-access-from
domain="www.example.com"/>
<allow-access-from
domain="example.com"/>
<allow-access-from
domain="stage.example.com"/>
<allow-access-from
domain="www.stage.example.com"/>
<allow-access-from
domain="stage.example.com"/>
<allow-access-from domain="http://stage.example.com"/>
<allow-access-from domain="http://www.stage.example.com"/>
<allow-access-from domain="https://stage.example.com"/>
<allow-access-from domain="https://www.stage.example.com"/>
<allow-access-from domain="http://example.com"/>
<allow-access-from domain="http://www.example.com"/>
<allow-access-from domain="https://example.com"/>
<allow-access-from domain="https://www.example.com"/>
</cross-domain-policy>
Neither work. I've tried placing the policy file at
root and in the /game folder. No Luck. Any ideas as to what
I'm doing wrong here?
Also, has anyone had luck getting policy file logging
to work on osx? I've followed adobe's recipe but there seems
to be no policyfiles.txt log file on my machine.
thanks
_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
--
Glen Pike
01326 218440
www.glenpike.co.uk <http://www.glenpike.co.uk>
_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders