Instead of: Policy file 2 is here: http://stage.example.com/game/crossdomain.xml
Try: Policy file 2 here: http://stage.example.com/crossdomain.xml
and specify /game/ as an okay directory.

John



Steven Loe wrote:
I'm still getting a security sandbox error when the swf tries to get data via https. What am I doing wrong here?
The swf is loaded via http at http://stage.example.com/media/swf/game.swf
The credit card data is loaded/sent via https at https://stage.example.com/game/direct_payment
Policy File 1 is here: http://stage.example.com/crossdomain.xml
Policy file 2 is here: http://stage.example.com/game/crossdomain.xml:

Policy File 1:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE cross-domain-policy
  SYSTEM 'http://www.adobe.com/xml/dtds/cross-domain-policy.dtd'>
<cross-domain-policy>
        <site-control permitted-cross-domain-policies="all"/>
        <allow-access-from domain="*"/>
</cross-domain-policy>

Policy file 2:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE cross-domain-policy
  SYSTEM 'http://www.adobe.com/xml/dtds/cross-domain-policy.dtd'>
<cross-domain-policy>
        <allow-access-from domain="*.example.com" secure="false"/>
</cross-domain-policy>


Here's my policyfiles.txt log:
OK: Root-level SWF loaded: http://stage.example.com/media/swf/game.swf
OK: Searching for <allow-access-from> in policy files to authorize data loading from resource at https://stage.example.com/game/direct_payment by requestor from http://stage.example.com/media/swf/game.swf
OK: Policy file accepted: https://stage.example.com/crossdomain.xml
Error: Request for resource at https://stage.example.com/game/direct_payment by requestor from http://stage.example.com/media/swf/game.swf is denied due to lack of policy file permissions.


Thanks!

--- On Wed, 1/13/10, Glen Pike <postmas...@glenpike.co.uk> wrote:

From: Glen Pike <postmas...@glenpike.co.uk>
Subject: Re: [Flashcoders] Crossdomain.xml, shared hosting, https, oh my!
To: "Flash Coders List" <flashcoders@chattyfig.figleaf.com>
Date: Wednesday, January 13, 2010, 7:07 PM
Hi,

I think you need to add in the secure="false" and make sure that is the cross domain file served from the https connection on the server.

http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html#allow-access-from-secure

e.g.

    <allow-access-from domain="http://stage.example.com" secure="false"/>

Not sure about policy file logging - managed on Linux, but never tried on Mac. You need to run the Debug player to get it to log though.

Also, if you are using https, watch out for www. vs non-www - the SSL certificates sometimes don't cover both these domain names, so you may have to ensure your clients always get redirected to the dubs or non-dubs one. Point Firefox at https://www.blah and https://blah and see if it chucks a security exception. If this happens, you could serve the swf over https and redirect requests for http to https with mod_rewrite in an .htaccess file.
HTH

Glen


Steven Loe wrote:
Okay, I've gotten the server folks to allow me to serve my own crossdomain.xml file. How do I craft a crossdomain policy file that will allow the swf (served via http) to access data served via https within the same domain?
Here's my error:
2048: Security sandbox violation: http://example.com/media/swf/game.swf cannot load data from https://example.com/secure/game/direct_payment.

I've tried this:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE cross-domain-policy
   SYSTEM 'http://www.adobe.com/xml/dtds/cross-domain-policy.dtd'>
<cross-domain-policy>
    <allow-access-from domain="*"/>
</cross-domain-policy>

I've also tried this:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
    <site-control permitted-cross-domain-policies="all"/>
    <allow-access-from domain="www.example.com"/>
    <allow-access-from domain="example.com"/>
    <allow-access-from domain="stage.example.com"/>
    <allow-access-from domain="www.stage.example.com"/>
    <allow-access-from domain="stage.example.com"/>
    <allow-access-from domain="http://stage.example.com"/>
    <allow-access-from domain="http://www.stage.example.com"/>
    <allow-access-from domain="https://stage.example.com"/>
    <allow-access-from domain="https://www.stage.example.com"/>
    <allow-access-from domain="http://example.com"/>
    <allow-access-from domain="http://www.example.com"/>
    <allow-access-from domain="https://example.com"/>
    <allow-access-from domain="https://www.example.com"/>
</cross-domain-policy>

Neither works. I've tried placing the policy file at root and in the /game folder. No luck. Any ideas as to what I'm doing wrong here?
Also, has anyone had luck getting policy file logging to work on OS X? I've followed Adobe's recipe but there seems to be no policyfiles.txt log file on my machine.
thanks

_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

--
Glen Pike
01326 218440
www.glenpike.co.uk <http://www.glenpike.co.uk>
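
Added example (not written by any poster in this thread): a small Python model of the `secure` rule from the Adobe specification linked above, run over the two policy files quoted in the thread. It covers only `domain` matching and the `secure` default for policy files served over HTTPS; `site-control`, ports and headers are not modelled, the `*.suffix` matching is a simplification, and all function and constant names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# The two policy files quoted in the thread (XML prolog and DOCTYPE omitted).
POLICY_1 = """<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*"/>
</cross-domain-policy>"""
POLICY_2 = """<cross-domain-policy>
  <allow-access-from domain="*.example.com" secure="false"/>
</cross-domain-policy>"""

SWF = "http://stage.example.com/media/swf/game.swf"
ROOT_POLICY_URL = "https://stage.example.com/crossdomain.xml"


def domain_matches(pattern, host):
    """'*' matches any host; '*.suffix' matches hosts ending in '.suffix'."""
    pattern, host = pattern.lower(), (host or "").lower()
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return pattern == host


def evaluate(policy_xml, policy_url, requester_url):
    """Return (allowed, reason) for one policy file and one requesting SWF."""
    https_policy = urlsplit(policy_url).scheme == "https"
    requester = urlsplit(requester_url)
    reason = "no <allow-access-from> matches the requester's host"
    for rule in ET.fromstring(policy_xml).iter("allow-access-from"):
        pattern = rule.get("domain", "")
        if not domain_matches(pattern, requester.hostname):
            continue
        # secure only applies to policy files served over HTTPS, where it
        # defaults to "true": only HTTPS requesters are granted access.
        secure = rule.get("secure", "true").lower() != "false"
        if https_policy and secure and requester.scheme != "https":
            reason = f'domain="{pattern}" matches, but secure is true and the requester is not HTTPS'
            continue
        return True, f'granted by domain="{pattern}"'
    return False, reason


if __name__ == "__main__":
    for name, policy in (("Policy File 1", POLICY_1), ("Policy file 2", POLICY_2)):
        print(name, evaluate(policy, ROOT_POLICY_URL, SWF))
```

With Policy File 1 at the HTTPS root the model denies the HTTP-loaded SWF, which matches the policyfiles.txt error; with Policy file 2 in that location it grants access. Setting `secure="false"` means content loaded over plain HTTP can read responses from the HTTPS endpoint.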
