8 Replies Latest reply on Mar 17, 2008 9:49 PM by theLoggerGuy

    crossdomain.xml with Flash player 9.0.115.0

    theLoggerGuy Level 1
      Hi gurus,

      I have just spent the best part of a day wading through the new security features of Flash Player 9.0.115.0. I use flash.socket library, so I have discovered that error message I've been getting will get worse, ie., next version of the Flash Player may not even connect. So I got the good oil from here.

      I have written a crossdomain.xml file that looks like this (it's in the www root):
      <?xml version="1.0"?>
      <cross-domain-policy>
      <site-control permitted-cross-domain-policies="master-only"/>
      <allow-access-from domain="192.168.5.201" to-ports="7700"/>
      </cross-domain-policy>

      Problem is that the flash player adds the follwing line to the \Logs\policyFiles.txt it generates:
      Warning: Domain 192.168.5.201 does not specify a meta-policy. Applying default meta-policy 'all'. This configuration is deprecated. See http://www.adobe.com/go/strict_policy_files to fix this problem.

      From my reading I have specified a meta-policy with the line:
      <site-control permitted-cross-domain-policies="master-only"/>

      So my question is why can't it find the meta-policy?
        • 1. Re: crossdomain.xml with Flash player 9.0.115.0
          kcell Level 2
          Hi LoggerGuy,

          Are you sure that you have put the crossdomain.xml on the right webserver?

          The policy allows access from domain 192.168.5.201 (lets call this server WS A) to the webserver where the policy is installed. (lets call this server WS B).

          The Warning also displays 192.168.5.201 (WS A), where no policy is placed which fits to you description.

          I guess you want to get data from WS A, so it may help you if you put a crossdomain.xml on WS A (with the IP of WS B).

          Let me know if this solved your problem or if I understood something wrong.

          kcell
          • 2. Re: crossdomain.xml with Flash player 9.0.115.0
            theLoggerGuy Level 1
            kcell,

            thanks for the reply. Actually you are a bit ahead of me. I have a single web-server and I'm not actually trying to cross domains! However, the security advice says (page 4 of the link I gave in my original post) "A URL policy file authorizes data loading from its own HTTP, HTTPS, or FTP server, whereas a socket policy file authorizes socket connections to its own host."

            So because I'm using a socket connection I still need a crossdomain.xml. For this sockect connection I am going to open up port 843 (as Adobe recommends) on my web-server for this policy to be loaded when calling flash.socket.connect(...).

            However, that isn't actually my problem. What I've also done, I think, is added a line to my crossdomain.xml file that will define a meta-policy, to prevent clients from other domains accessing my server (also recommended by Adobe). The line is: <site-control permitted-cross-domain-policies="master-only"/>, but I don't think my SWF is reading the file because I get that error message:
            Warning: Domain 192.168.5.201 does not specify a meta-policy. Applying default meta-policy 'all'. This configuration is deprecated. See http://www.adobe.com/go/strict_policy_files to fix this problem.

            Sory about the excessive waffle!
            • 3. Re: crossdomain.xml with Flash player 9.0.115.0
              ntsiii Level 3
              I'm with kcell. Be sure your crossdomain.xml file is in the right place. The "right place" is not always obvious.

              I also had to add that "site-control" stuff to my crossdomain.xml file for 9.x. Can we just shoot the hackers that make this crap necessary?

              Tracy
              • 4. Re: crossdomain.xml with Flash player 9.0.115.0
                theLoggerGuy Level 1
                Guys,
                my crossdomain.xml is in the root of my web server.
                I have only one crossdomain file (which is why I chose "master-only").
                My reading suggests that I have satisfied what the Flash Player expects.

                Still the error persists :-(

                Tracy, would you mind posting an example of your crossdomain.xml file for a sanity check.

                Thanks.

                TLG
                • 5. Re: crossdomain.xml with Flash player 9.0.115.0
                  kcell Level 2
                  Hi,

                  hm ... there is a entry in the bug database

                  SDK-14610, which seems to handle a part of your behaviour.

                  Due to this bug FP 115 is not able to get the crossdomain.xml via port 80 and validate access for sockets on different ports.

                  The bug reports messages in the ouput window when the debug app try to connect.

                  Can you check your output window for information about the policies or the which connections are opened to load the policies?

                  kcell
                  • 6. Re: crossdomain.xml with Flash player 9.0.115.0
                    theLoggerGuy Level 1
                    kcell,

                    sorry about the delay - public holiday. Anyway i've had a look at that bug and the "policyfiles.txt", but it doesn't look like the culprit - of course who knows, it may be related.

                    My policyfiles.txt is a bit different as my error string is to do with a meta-policy not being present.

                    I've had a look on the bug database, but could find nothing.

                    It appears that I am, unfortunately, no closer to a solution.

                    Thanks
                    • 7. crossdomain.xml with Flash player 9.0.115.0
                      kcell Level 2
                      Hi logger,

                      you mentioned that you are not sure if the you app tries to connect to port 843.

                      Are there any hints in the log that the app at least tried to connect to port 843 ?

                      best regards,
                      kcell

                      The bug report (noted that I posted a non valid link) , mentioned:
                      ...
                      Actual Results:
                      The Flash player debug version displays the following logs (see attachment, apologize for french logs)
                      request for policy file on port 843 but the port is not opened
                      ...


                      • 8. Re: crossdomain.xml with Flash player 9.0.115.0
                        theLoggerGuy Level 1
                        Just thought I'd finish this off.

                        Today I restarted my XP Virtual machine and hey-presto it all starts to work. Further investigation lead me to find that, for whatever reason, Firefox was not re-reading the crossdamain.xml file, but instead sticking with what it reads the first time it is run (from a cold boot)!

                        IE does not seem to suffer from this caching, but at least I finally found why it wasn't working - it wasn't reading any changes I made to the crossdomain.xml file.

                        Thanks kcell for your time.