Skip navigation
mr_n0thing
Currently Being Moderated

crossdomain.xml hell

Aug 30, 2013 12:50 PM

Tags: #flex #security #crossdomain.xml #crossdomain_xml

Hi, all!

 

I've been struggling with flash permissions and crossdomain.xml file 5 days already... Here is the situation I have:

 

I've wrote flash application which records audio on one server and uploads it on another server. So, as you likely guessed, I faced that security sandbox violation exceptions/errors:

 

Error #2044: Unhandled securityError:. text=Error #2170: Security sandbox violation: https://192.168.10.10:9090/foo/bar cannot send HTTP headers to https://192.168.10.11/some/path

 

I thought that adding the following crossdomain.xml:

 

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd>
<cross-domain-policy>
    <site-control permitted-cross-domain-policies="all"/>    
    <allow-http-request-headers-from domain="*" headers="*" secure="true" />
    <allow-access-from domain="*" secure="true" />
</cross-domain-policy>

 

to the root of the server will do all the tricks (ha, how naive I was).

Ok, I put it to the root of my server, but error didn't gone for some reason. I looked at the logs flash player produces and the following was stated there:

 

Warning: Failed to load policy file from https://192.168.22.103/crossdomain.xml

 

But, wait a moment, I can see this file via browser at exactly this address (though this is https and it asks me to accept certificate as usual).

 

So could please somebody help me?

That's the most frustrating thing I faced ever.

 

Thanks you all for any help, it is much appreciated!

 
Replies
  • Currently Being Moderated
    Aug 31, 2013 9:21 PM   in reply to mr_n0thing

    It could be the fact that you have to accept the cert going over https.

     
    |
    Mark as:
  • Currently Being Moderated
    Sep 1, 2013 8:41 PM   in reply to mr_n0thing

    I don't think there is much intelligence in the FP's fetch of crossdomain.xml.  I'm no expert in this area, but I think if you fetch crossdomain.xml from the browser and it puts up a dialog about the certificate then the response from the server was probably not status==SUCCESS and at that point the FP will just give up.  You would need a legitimate certificate instead.  You should get one anyway so as not to annoy your users when you eventually deploy.

     

    -Alex

     
    |
    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points