10 Replies Latest reply on May 26, 2006 10:51 PM by poonamsheth

    CROSS DOMAIN POLICY

    TIPLVinay Level 1
      Flex 1.5
      HI anyone told me why to use the crossdomain policy and where to put the
      crossdomain.xml file in an webapplication(Web Server)
      is it in WEB-INF/
      or in
      WEB-INF/Flex/

      Thanks in advance!
        • 1. Re: CROSS DOMAIN POLICY
          ntsiii Level 3
          It actaully goes in the very top level of the web site or application.

          In my case, I have a flex app at localhost:8080 that needs permission to talk to an asp.net application on IIS. I had to put the crossdomain file in the root of the IIS virtual folder.

          In a pure J2EE situation, I believe it should go in the first folder under the server (maybe IN the server folder). The way I figured mine out was to put a copy in every folder in my app until it worked, then took them out one by one.

          Tracy
          • 2. Re: CROSS DOMAIN POLICY
            TIPLVinay Level 1
            Is it required if you are calling a JSP(using HTTPServices) resides in the same web application.?
            • 3. Re: CROSS DOMAIN POLICY
              ntsiii Level 3
              What is the url for the Flex app, and what is the url for the jsp?
              • 4. Re: CROSS DOMAIN POLICY
                TIPLVinay Level 1
                Web Application URL:
                http://localhost:8080/FlexSite

                JSP Page URL
                http://localhost:8080/FlexSite/JSP/jcookies.jsp

                I have i configured this in the flex-config.xml as

                <http-service-proxy>

                <proxy-use-policy>always</proxy-use-policy>
                <url>{localserver}/flashproxy</url>
                <https-url>{localserver}/flashproxy</https-url>

                <!-- use proxy specified via flashvars or query parameter ?proxyURL=XXX -->
                <!--<allow-url-override>false</allow-url-override>

                <allow-lax-ssl>false</allow-lax-ssl>-->

                <whitelist>
                <!-- whitelist config for unnamed services -->
                <unnamed>
                <url> http://{localserver}/FlexSite/JSP/jcookie.jsp</url>
                </unnamed>

                <named>
                <service name="CookieSrv">
                <url>{localserver}/JSP/jcookie.jsp</url>
                <use-custom-authentication>true</use-custom-authentication>
                </service>
                </named>
                </whitelist>
                </http-service-proxy>

                What it gives error something like this:-
                URL not configured in flex whitelist.

                I have ckecked it both ways(using named and unnamed but failed:

                Is it requires CrossDomain.xml or any other solution for this.

                Thanks and Regards



                • 5. Re: CROSS DOMAIN POLICY
                  ntsiii Level 3
                  You do not need a crossdomain file in this case.

                  Your problem may be that you have a typo in the flex-config in the whitelist url. cookie vs cookies.

                  Tracy
                  • 6. Re: CROSS DOMAIN POLICY
                    ntsiii Level 3
                    No you do not need a crossdomain file in this sitation.

                    Your problem may be the type in flex-config whitelist: check spelling, cookie vs cookies

                    Tracy
                    • 7. Re: CROSS DOMAIN POLICY
                      TIPLVinay Level 1
                      No url is :
                      http://localhost:8080/FlexSite/JSP/jcookie.jsp

                      plz suggest wht is wrong.

                      And when we need crossdomain.xml in our flex application.
                      • 8. Re: CROSS DOMAIN POLICY
                        ntsiii Level 3
                        You need a cross domain file when you are not using the flex proxy and your application (Flex client running in Flash player) requests data from a domain that is different from the domain that served the flex app swf.

                        Try using the global permissions setting. Just uncomment it, see if that fixes things. It is not a good idea to run with this setting in production.

                        Tracy
                        • 9. Re: CROSS DOMAIN POLICY
                          TIPLVinay Level 1
                          quote:

                          Originally posted by: ntsiii
                          You need a cross domain file when you are not using the flex proxy and your application (Flex client running in Flash player) requests data from a domain that is different from the domain that served the flex app swf.

                          Try using the global permissions setting. Just uncomment it, see if that fixes things. It is not a good idea to run with this setting in production.

                          Tracy


                          • 10. Re: CROSS DOMAIN POLICY
                            poonamsheth Level 1
                            hey if others want to knoe whats cross domain policy,, then i think the whole problem and solution can be understood

                            To Create a crossdomain policy file

                            Your system might be configured to allow a Flex application to
                            directly access server-side resources on different domains or
                            different computers without going through a proxy. These operations
                            fail under the following conditions:

                            * When the Flex application's SWF file references a URL, and
                            that URL is outside the exact domain of the SWF file that makes the
                            request
                            * When the Flex application's SWF file reference an HTTPS URL,
                            and the SWF file that makes the request is not served over HTTPS

                            To make a data service or asset available to SWF files in different
                            domains or on different machines, use a crossdomain policy file on
                            the server that hosts the data service or asset. A crossdomain
                            policy file is an XML file that provides a way for the server to
                            indicate that its data services and assets are available to SWF
                            files served from certain domains, or from all domains. Any SWF
                            file that is served from a domain specified by the server's policy
                            file is permitted to access a data service or asset from that
                            server. By default, place the crossdomain.xml at the root directory
                            of the server that is serving the data.


                            When a Flash document attempts to access data from another domain,
                            Flash Player attempts to load a policy file from that domain. If
                            the domain of the Flash document that is attempting to access the
                            data is included in the policy file, the data is automatically
                            accessible.

                            Policy files function only on servers that communicate over HTTP,
                            HTTPS,or FTP. The policy file is specific to the port and protocol
                            of the server where it resides. For example, a policy file located at
                            https://www.adobe.com:8080/crossdomain.xml applies only to data
                            loading calls made to www.adobe.com over HTTPS at port 8080.

                            An exception to this rule is the use of an XMLSocket object to
                            connect to a socket server in another domain. In that case, an
                            HTTP server running on port 80 in the same domain as the socket
                            server must provide the policy file for the method call.

                            The Flash Player ignores any policy file that is served using a
                            cross-domain redirect. For example, if Flash Player request for
                            http://www.mysite.com/crossdomain.xml redirects to
                            http://elsewhere.mysite.com/crossdomain.xml, Flash Player
                            ignores that policy file. Ensure that you do not use cross-domain
                            redirects to serve policy files. (You can use redirects within the
                            same domain.)

                            The default policy file is named crossdomain.xml and resides at the
                            root directory of the server that is serving the data. You can use the
                            loadPolicyFile() method to access a nondefault policy file.

                            In J2EE, web applications can have a different context roots, and you
                            are not required to deploy any application to the default context
                            root ("/"). This means that you cannot use a crossdomain.xml file in
                            the web root without adding at least one web application at the default
                            context root.