[flexcoders] Security sandbox violation error with socket connection
Hi All, I am stumped. I had to use a socket to connect to a fully RESTfull (PUT, DELETE ect..) web service endpoint on our server. It has been testing fine when running from my local file system (actually have been wondering why I am not getting sandbox errors as this is definately not connecting to the same host...). However, once I deploy the app to the server, I am now getting Error#2048 Security Sandbox violation: Error#2048 Security sandbox violation http://10.0.2.30/flashclient/MainStage.swf cannot load data from 10.0.2.30:80. Very strange as you can see the swf is loaded from the same host... I added the following crossdomain.xml to the server root but am still getting the error, do I have to write custom code to fetche the policy file as I dont even see flash VM requesting it in server access logs? ?xml version=1.0 ? cross-domain-policy allow-access-from domain=* / /cross-domain-policy Any help is much appreciated. Thanks, Greg
RE: [flexcoders] Security sandbox violation error with socket connection
1. http://10.0.2.30/ is not the same domain as 10.0.2.30:80 2. If you type this into a browser, you should see your crossdomain xml file: http://10.0.2.30:80/crossdomain.xml http://10.0.2.30/crossdomain.xml 3. That crossdomain file is old, there are new required entries for the latest Flash player. I have posted them before on this list. Search for FYI in the subject line. Tracy From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Greg Hess Sent: Wednesday, July 16, 2008 1:55 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] Security sandbox violation error with socket connection Hi All, I am stumped. I had to use a socket to connect to a fully RESTfull (PUT, DELETE ect..) web service endpoint on our server. It has been testing fine when running from my local file system (actually have been wondering why I am not getting sandbox errors as this is definately not connecting to the same host...). However, once I deploy the app to the server, I am now getting Error#2048 Security Sandbox violation: Error#2048 Security sandbox violation http://10.0.2.30/flashclient/MainStage.swf http://10.0.2.30/flashclient/MainStage.swf cannot load data from 10.0.2.30:80. Very strange as you can see the swf is loaded from the same host... I added the following crossdomain.xml to the server root but am still getting the error, do I have to write custom code to fetche the policy file as I dont even see flash VM requesting it in server access logs? ?xml version=1.0 ? cross-domain-policy allow-access-from domain=* / /cross-domain-policy Any help is much appreciated. Thanks, Greg
Re: [flexcoders] Security sandbox violation error with socket connection
Thanks Tracy, much appreciated. I found your previous post and have been reading many of the articles referenced and am still frusterated. I thought you were harsh with your 'execute the jerks' comment but am almost ready to join you :-). Unfortunately, I am still getting my sandbox violation after making the following changes: crossdomain.xml: ?xml version=1.0 ? cross-domain-policy allow-access-from domain=* to-ports=80,443 / allow-http-request-headers-from domain=* headers=* / site-control permitted-cross-domain-policies=master-only/ /cross-domain-policy Server stub code: Security.loadPolicyFile(http://10.0.2.30:80/crossdomain.xml;); //Called before any socket.connect() I can now see the the policy file is requested and returned in the server access logs. However, error is still thrown. Our server does make use of rewrite rules and requests get redirected removing the port. For example when I request http://10.0.2.30:80/crossdomain.xml, I get redirected to http://10.0.2.30/crossdomain.xml. Not sure if that is a problem, but... What the heck am I doing wrong? Any help is much appreciated! Thanks, Greg On Wed, Jul 16, 2008 at 2:19 PM, Tracy Spratt [EMAIL PROTECTED] wrote: 1. http://10.0.2.30/ is not the same domain as 10.0.2.30:80 2. If you type this into a browser, you should see your crossdomain xml file: http://10.0.2.30:80/crossdomain.xml 3. That crossdomain file is old, there are new required entries for the latest Flash player. I have posted them before on this list. Search for FYI in the subject line. Tracy From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Greg Hess Sent: Wednesday, July 16, 2008 1:55 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] Security sandbox violation error with socket connection Hi All, I am stumped. I had to use a socket to connect to a fully RESTfull (PUT, DELETE ect..) web service endpoint on our server. It has been testing fine when running from my local file system (actually have been wondering why I am not getting sandbox errors as this is definately not connecting to the same host...). However, once I deploy the app to the server, I am now getting Error#2048 Security Sandbox violation: Error#2048 Security sandbox violation http://10.0.2.30/flashclient/MainStage.swf cannot load data from 10.0.2.30:80. Very strange as you can see the swf is loaded from the same host... I added the following crossdomain.xml to the server root but am still getting the error, do I have to write custom code to fetche the policy file as I dont even see flash VM requesting it in server access logs? ?xml version=1.0 ? cross-domain-policy allow-access-from domain=* / /cross-domain-policy Any help is much appreciated. Thanks, Greg
RE: [flexcoders] Security sandbox violation error with socket connection
Sorry, man, we have reached the end of my knowledge on this one. I'd try a wildcard in the to-ports attribute, but that is all I can suggest. Have you gone to the source for this, that is, the security documentation? There my be additional requirements for socket access. Tracy From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Greg Hess Sent: Wednesday, July 16, 2008 3:14 PM To: flexcoders@yahoogroups.com Subject: Re: [flexcoders] Security sandbox violation error with socket connection Thanks Tracy, much appreciated. I found your previous post and have been reading many of the articles referenced and am still frusterated. I thought you were harsh with your 'execute the jerks' comment but am almost ready to join you :-). Unfortunately, I am still getting my sandbox violation after making the following changes: crossdomain.xml: ?xml version=1.0 ? cross-domain-policy allow-access-from domain=* to-ports=80,443 / allow-http-request-headers-from domain=* headers=* / site-control permitted-cross-domain-policies=master-only/ /cross-domain-policy Server stub code: Security.loadPolicyFile(http://10.0.2.30:80/crossdomain.xml http://10.0.2.30:80/crossdomain.xml ); //Called before any socket.connect() I can now see the the policy file is requested and returned in the server access logs. However, error is still thrown. Our server does make use of rewrite rules and requests get redirected removing the port. For example when I request http://10.0.2.30:80/crossdomain.xml, http://10.0.2.30:80/crossdomain.xml, I get redirected to http://10.0.2.30/crossdomain.xml. http://10.0.2.30/crossdomain.xml. Not sure if that is a problem, but... What the heck am I doing wrong? Any help is much appreciated! Thanks, Greg On Wed, Jul 16, 2008 at 2:19 PM, Tracy Spratt [EMAIL PROTECTED] mailto:tspratt%40lariatinc.com wrote: 1. http://10.0.2.30/ http://10.0.2.30/ is not the same domain as 10.0.2.30:80 2. If you type this into a browser, you should see your crossdomain xml file: http://10.0.2.30:80/crossdomain.xml http://10.0.2.30:80/crossdomain.xml 3. That crossdomain file is old, there are new required entries for the latest Flash player. I have posted them before on this list. Search for FYI in the subject line. Tracy From: flexcoders@yahoogroups.com mailto:flexcoders%40yahoogroups.com [mailto:flexcoders@yahoogroups.com mailto:flexcoders%40yahoogroups.com ] On Behalf Of Greg Hess Sent: Wednesday, July 16, 2008 1:55 PM To: flexcoders@yahoogroups.com mailto:flexcoders%40yahoogroups.com Subject: [flexcoders] Security sandbox violation error with socket connection Hi All, I am stumped. I had to use a socket to connect to a fully RESTfull (PUT, DELETE ect..) web service endpoint on our server. It has been testing fine when running from my local file system (actually have been wondering why I am not getting sandbox errors as this is definately not connecting to the same host...). However, once I deploy the app to the server, I am now getting Error#2048 Security Sandbox violation: Error#2048 Security sandbox violation http://10.0.2.30/flashclient/MainStage.swf http://10.0.2.30/flashclient/MainStage.swf cannot load data from 10.0.2.30:80. Very strange as you can see the swf is loaded from the same host... I added the following crossdomain.xml to the server root but am still getting the error, do I have to write custom code to fetche the policy file as I dont even see flash VM requesting it in server access logs? ?xml version=1.0 ? cross-domain-policy allow-access-from domain=* / /cross-domain-policy Any help is much appreciated. Thanks, Greg
Re: [flexcoders] Security sandbox violation error with socket connection
Thanks Tracy! I have read almost everything and still dont have it down as to what I need. But yes you are right socket policy files are a bit different. I just posted a new thread titled 'non-master socket policy files - head spinning - pls help?'. Hopefully someone can help. Much appreciated! Cheers, Greg On Wed, Jul 16, 2008 at 4:49 PM, Tracy Spratt [EMAIL PROTECTED] wrote: Sorry, man, we have reached the end of my knowledge on this one. I'd try a wildcard in the to-ports attribute, but that is all I can suggest. Have you gone to the source for this, that is, the security documentation? There my be additional requirements for socket access. Tracy From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Greg Hess Sent: Wednesday, July 16, 2008 3:14 PM To: flexcoders@yahoogroups.com Subject: Re: [flexcoders] Security sandbox violation error with socket connection Thanks Tracy, much appreciated. I found your previous post and have been reading many of the articles referenced and am still frusterated. I thought you were harsh with your 'execute the jerks' comment but am almost ready to join you :-). Unfortunately, I am still getting my sandbox violation after making the following changes: crossdomain.xml: ?xml version=1.0 ? cross-domain-policy allow-access-from domain=* to-ports=80,443 / allow-http-request-headers-from domain=* headers=* / site-control permitted-cross-domain-policies=master-only/ /cross-domain-policy Server stub code: Security.loadPolicyFile(http://10.0.2.30:80/crossdomain.xml;); //Called before any socket.connect() I can now see the the policy file is requested and returned in the server access logs. However, error is still thrown. Our server does make use of rewrite rules and requests get redirected removing the port. For example when I request http://10.0.2.30:80/crossdomain.xml, I get redirected to http://10.0.2.30/crossdomain.xml. Not sure if that is a problem, but... What the heck am I doing wrong? Any help is much appreciated! Thanks, Greg On Wed, Jul 16, 2008 at 2:19 PM, Tracy Spratt [EMAIL PROTECTED] wrote: 1. http://10.0.2.30/ is not the same domain as 10.0.2.30:80 2. If you type this into a browser, you should see your crossdomain xml file: http://10.0.2.30:80/crossdomain.xml 3. That crossdomain file is old, there are new required entries for the latest Flash player. I have posted them before on this list. Search for FYI in the subject line. Tracy From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Greg Hess Sent: Wednesday, July 16, 2008 1:55 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] Security sandbox violation error with socket connection Hi All, I am stumped. I had to use a socket to connect to a fully RESTfull (PUT, DELETE ect..) web service endpoint on our server. It has been testing fine when running from my local file system (actually have been wondering why I am not getting sandbox errors as this is definately not connecting to the same host...). However, once I deploy the app to the server, I am now getting Error#2048 Security Sandbox violation: Error#2048 Security sandbox violation http://10.0.2.30/flashclient/MainStage.swf cannot load data from 10.0.2.30:80. Very strange as you can see the swf is loaded from the same host... I added the following crossdomain.xml to the server root but am still getting the error, do I have to write custom code to fetche the policy file as I dont even see flash VM requesting it in server access logs? ?xml version=1.0 ? cross-domain-policy allow-access-from domain=* / /cross-domain-policy Any help is much appreciated. Thanks, Greg
