I'm at my wits end... I have a Flex client using a Socket (not an XMLSocket) to talk to a Java server. All of this with Java 1.5, Firefox 3.5.4, Flash 10.0.32.18 and FlexBuilder 3.
The Java end listens on two ports, 843, through which it serves only the policy file, and 45455, which is a port of my choosing for the rest of my communication. On the Java end I process the <policy-file-request/> and return the following policy file... <?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd";><cross-domain-policy><site-control permitted-cross-domain-policies="all"/><allow-access-from domain="*" to-ports="45455,843" secure="false"/></cross-domain-policy> I can do this from either port 843 or 45455, I respond the same way in both cases. I have tried *many* variations in my Flex code, but whatever I do I get a sandbox error 2048 after about 12 seconds, although my very first socket flush goes through OK. Here are some variations I have tried with the same result: - manually calling Security.loadPolicyFile("xmlsocket://myip:843") - manually calling Security.loadPolicyFile("myip:843") - manually calling Security.loadPolicyFile("xmlsocket://myip:45455") - manually calling Security.loadPolicyFile("myip:45455") - standing up an apache server and adding crossdomain.xml at the root - manually calling Security.loadPolicyFile("http://myip/crossdomain.xml";) - not calling Security.loadPolicyFile() at all, just making the socket request. In this case the player connects on 843, the server responds with the policy file, the player debug log says it accepts the policy file and then immediately throws a #2048 and disconnects the socket. - permissive policy, i.e. * for everything I get slightly different timing behaviour if I connect from another machine on my local network, but the net result is the same, I cannot persist a socket beyond one, or maybe two requests. I have read the Adobe security posts about a hundred times, written a bunch of harnesses to make sure I am serving the right thing up, added null charaters on the end, and removed them, forced it to fail with different errors by serving a syntactically incorrect policy file, trie different ports, downloaded 19 other people's code samples and tried them, and all the stuff you would do before you admit defeat. If I didn't know better I'd say there's a bug... could there be a bug? I can post more code, but to be honest I'm doing nothing complicated on the client end, I simply create a Socket, bind it to the IP and port, send a String down it with writeUTFBytes() and flush(). Even the simplest possible client with just those 5 lines of code in it fails. What obvious thing have I missed?
