7 Replies Latest reply on Jun 8, 2008 5:14 PM by Jeff Taps

    Meta Policy

    PigFoxeria
      Going through the book Adobe Flex 3 Training from the source, I get the following error.
      Warning: Domain www.flexgrocer.com does not specify a meta-policy. Applying default meta-policy 'all'. This configuration is deprecated. See http://www.adobe.com/go/strict_policy_files to fix this problem.
      The referred to doc does not describe what other attribute needed in (I think)
      <mx:HTTPService id="prodByCatRPC" url=" http://www.flexgrocer.com/categorizedProducts.xml" resultFormat="e4x"/>
      Does anyone have a solution?
        • 1. Re: Meta Policy
          matthew horn Level 3
          The third page of that link has a section on meta policies:

          http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_03.html

          Basically, the warnings is that there is no meta-policy on that server. You can't do anything if you are a consumer of the info on that server, but you could contact the server's host and ask them to update their policy file.

          Right now, this isn't a problem, though, as all you get is a warnings. However, in some future version of the player, the meta-policy will be required, so this will eventually result in an error.

          hth,
          matt horn
          flex docs
          • 2. Re: Meta Policy
            slaingod Level 1
            The main problem with that doc is that it is completely unrealistic in its expectations of people caring to know how these things work. That doc was written for the 5% of the people that actual care/are interested by this stuff. I have yet to see the doc that shows for the other 95%: If you want to do this, use this policy file. If you want to do this other, here. Otherwise read the docs and spend the day it would take to truly understand the new requirements to be able to write their own.

            Until this discrepancy is addressed and there is a place to cut'n'paste the 2 or 3 most frequent policy files, this will continue to be constant question, even after pointing people to the doc. I will admit to personally having checked that doc out and closing the browser tab and saying, 'I'll look at this later when it is more pressing because I am sure they will have put together a 5 minute check list rather than some whitepaper no one has time to read.'

            IMO & YMMV :)
            • 3. Re: Meta Policy
              Garyl Woolworth Level 1
              Can I get an AMEN?
              • 4. Re: Meta Policy
                PigFoxeria Level 1
                Good comment slaingod!
                I have read but not understood the doc.
                So the new question is, can anyone point me to an example file that defines meta-policy?
                • 5. Re: Meta Policy
                  Garyl Woolworth Level 1
                  The <site-control permitted-cross-domain-policies="by-content-type"/> is the newest part to the crossdomain file. However if you the data your presenting has no secrecy what so ever it might just be easier to do <site-control permitted-cross-domain-policies="all"/> for now until the Flash Player is released they have made it more clear as to what is and what is not going to break.
                  • 6. Re: Meta Policy
                    PigFoxeria Level 1
                    Perfect, thank you!!!
                    • 7. Re: Meta Policy
                      Jeff Taps
                      PigFoxeria -

                      Hi, I'm Jeff Tapper, one of the authors. The meta-policy warning you mention is just a warning, not an actual error. The application should continue to work for you, even with that warning. When our sys-admin gets back in town, I'll ask them to adjust the cross-domain.xml file, but in the mean time, it should continue to work, even with a few warnings.

                      thanks for buying our book