Just wanted to post back that this is solved, so that it may help someone else:
I found that I had to load both of the policy files over https in order to make
the crossdomain policy take effect.
First line of the document class' constructor:
Security.loadPolicyFile('https://stage.example.com/crossdomain.xml');
Security.loadPolicyFile('https://stage.example.com/game/crossdomain.xml');
Happy OK message in my policyfiles.txt log:
OK: Request for resource at https://stage.example.com/game/direct_payment by
requestor from http://stage.example.com/media/swf/game.swf is permitted due to
policy file at https://stage.example.com/game/crossdomain.xml
Crossdomain.xml files and web service paths are as below:
Thanks!
Now that this is working, I can play with getting rid of the '*'
> > The swf is loaded via http at http://stage.example.com/media/swf/game.swf
> > The credit card data is Loaded/sent via https at
> > https://stage.example.com/game/direct_payment
> > Policy File 1 is here: http://stage.example.com/crossdomain.xml
> > Policy file 2 is here: http://stage.example.com/game/crossdomain.xml:
> >
> > Policy File 1:
> > <?xml version="1.0" encoding="utf-8"?>
> > <!DOCTYPE cross-domain-policy
> > SYSTEM 'http://www.adobe.com/xml/dtds/cross-domain-policy.dtd'>
> > <cross-domain-policy>
> > <site-control
> permitted-cross-domain-policies="all"/>
> > <allow-access-from
> domain="*"/>
> > </cross-domain-policy>
> >
> > Policy file 2:
> > <?xml version="1.0" encoding="utf-8"?>
> > <!DOCTYPE cross-domain-policy
> > SYSTEM 'http://www.adobe.com/xml/dtds/cross-domain-policy.dtd'>
> > <cross-domain-policy>
> > <allow-access-from
> domain="*.example.com" secure="false"/>
> > </cross-domain-policy>
_______________________________________________
Flashcoders mailing list
[email protected]
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
