I could load everything over https but it's ~7mb of swf and audio. It's going to be slower over https. There must be people here that load data into flash over https all the time. It can't be this hard.
--- On Thu, 1/14/10, Karl DeSaulniers <k...@designdrumm.com> wrote: > From: Karl DeSaulniers <k...@designdrumm.com> > I think the suggestion of feeding the > swf through https may be the way to go. > > Karl > > > On Jan 14, 2010, at 4:37 PM, Steven Loe wrote: > > > I'm still getting a security sandbox error when the > swf tries to get data via https. What am I > doing wrong here? > > > > The swf is loaded via http at http://stage.example.com/media/swf/game.swf > > The credit card data is Loaded/sent via https at > > https://stage.example.com/game/direct_payment > > Policy File 1 is here: http://stage.example.com/crossdomain.xml > > Policy file 2 is here: http://stage.example.com/game/crossdomain.xml: > > > > Policy File 1: > > <?xml version="1.0" encoding="utf-8"?> > > <!DOCTYPE cross-domain-policy > > SYSTEM 'http://www.adobe.com/xml/dtds/cross-domain-policy.dtd'> > > <cross-domain-policy> > > <site-control > permitted-cross-domain-policies="all"/> > > <allow-access-from > domain="*"/> > > </cross-domain-policy> > > > > Policy file 2: > > <?xml version="1.0" encoding="utf-8"?> > > <!DOCTYPE cross-domain-policy > > SYSTEM 'http://www.adobe.com/xml/dtds/cross-domain-policy.dtd'> > > <cross-domain-policy> > > <allow-access-from > domain="*.example.com" secure="false"/> > > </cross-domain-policy> > > > > > > Here's my policyfiles.txt log > > OK: Root-level SWF loaded: http://stage.example.com/media/swf/game.swf > > OK: Searching for <allow-access-from> in policy > files to authorize data loading from resource at > https://stage.example.com/game/direct_payment by > requestor from http://stage.example.com/media/swf/game.swf > > OK: Policy file accepted: https://stage.example.com/crossdomain.xml > > Error: Request for resource at > > https://stage.example.com/game/direct_payment by > requestor from http://stage.example.com/media/swf/game.swf is denied > due to lack of policy file permissions. > > > > > > Thanks! > > > > --- On Wed, 1/13/10, Glen Pike <postmas...@glenpike.co.uk> > wrote: > > > >> From: Glen Pike <postmas...@glenpike.co.uk> > >> Subject: Re: [Flashcoders] Crossdomain.xml, shared > hosting, https, oh my! > >> To: "Flash Coders List" <flashcoders@chattyfig.figleaf.com> > >> Date: Wednesday, January 13, 2010, 7:07 PM > >> Hi, > >> > >> I think you need to add in the > >> secure="false" and make sure that is the cross > domain file > >> served from the https connection on the server.. > >> > >> > >>http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html#allow-access-from-secure > >> > >> e.g. > >> > >> <allow-access-from > domain="http://stage.example.com"; secure="false"/> > >> > >> Not sure about policy file logging - managed > on Linux, but > >> never tried on Mac. You need to run the > Debug player > >> to get it to log though. > >> > >> Also, if you are using > https, watch out > >> for www. vs non-www - the SSL certificates > sometimes don't > >> cover both these domain names, so you may have to > ensure > >> your clients always get redirected to the dubs or > non-dubs > >> one, point Firefox at https://www.blah and https://blah and see > >> if it chucks a security exception. If this > happens, > >> you could serve the swf over https and redirect > requests for > >> http to https with mod_rewrite in an .htacess > file. > >> > >> HTH > >> > >> Glen > >> > >> > >> > >> Steven Loe wrote: > >>> Okay I've gotten the server folks to allow me > to serve > >> my own crossdomain.xml file. How do I craft a > crossdomain > >> policy file that will allow the swf (served via > http) to > >> access data served via https within the same > domain? > >>> Here's my error: > >>> 2048: Security sandbox violation: http://example.com/media/swf/game.swf > >>> cannot load data > >> from https://example.com/secure/game/direct_payment. > >>> > >>> I've tried this: <?xml version="1.0" > >> encoding="utf-8"?> > >>> <!DOCTYPE cross-domain-policy > >>> SYSTEM 'http://www.adobe.com/xml/dtds/cross-domain-policy.dtd'> > >>> <cross-domain-policy> > >>> <allow-access-from > >> domain="*"/> > >>> </cross-domain-policy> > >>> > >>> I've also tried this: > >>> <?xml version="1.0"?> > >>> <!DOCTYPE cross-domain-policy SYSTEM > >>> "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd";> > >>> <cross-domain-policy> > >>> <site-control > >> permitted-cross-domain-policies="all"/> > >>> <allow-access-from > >> domain="www.example.com"/> > >>> <allow-access-from > >> domain="example.com"/> > >>> <allow-access-from > >> domain="stage.example.com"/> > >>> <allow-access-from > >> domain="www.stage.example.com"/> > >>> <allow-access-from > >> domain="stage.example.com"/> > >>> <allow-access-from > domain="http://stage.example.com"/> > >>> <allow-access-from > domain="http://www.stage.example.com"/> > >>> <allow-access-from > domain="https://stage.example.com"/> > >>> <allow-access-from > domain="https://www.stage.example.com"/> > >>> <allow-access-from > domain="http://example.com"/> > >>> <allow-access-from > domain="http://www.example.com"/> > >>> <allow-access-from > domain="https://example.com"/> > >>> <allow-access-from > domain="https://www.example.com"/> > >>> </cross-domain-policy> > >>> > >>> > >>> Neither work. I've tried placing the policy > file at > >> root and in the /game folder. No Luck. Any ideas > as to what > >> I'm doing wrong here? > >>> > >>> Also, has anyone had luck getting policy file > logging > >> to work on osx? I've followed adobe's recipe but > there seems > >> to be no policyfiles.txt log file on my machine. > >>> > >>> thanks > >>> > >>> > _______________________________________________ > >>> Flashcoders mailing list > >>> Flashcoders@chattyfig.figleaf.com > >>> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders > >>> > >>> > >> > >> --Glen Pike > >> 01326 218440 > >> www.glenpike.co.uk <http://www.glenpike.co.uk> > >> > >> _______________________________________________ > >> Flashcoders mailing list > >> Flashcoders@chattyfig.figleaf.com > >> http://chattyfig.figleaf.com/mailman/listinfo/flashcoders > >> > > > > _______________________________________________ > > Flashcoders mailing list > > Flashcoders@chattyfig.figleaf.com > > http://chattyfig.figleaf.com/mailman/listinfo/flashcoders > > Karl DeSaulniers > Design Drumm > http://designdrumm.com > > _______________________________________________ > Flashcoders mailing list > Flashcoders@chattyfig.figleaf.com > http://chattyfig.figleaf.com/mailman/listinfo/flashcoders > _______________________________________________ Flashcoders mailing list Flashcoders@chattyfig.figleaf.com http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
