We have built several flex-based ecommerce apps for a fortune 500 customer of ours, that for various reasons, we need to use sockets to a different domain and requires a socket policy file, but were having trouble configuring our flex apps for deployment in thier enviornment where they are blocking virtually everything except port 80 . The current documentation in in regards to socket policy files and crossdomain files in a non-standard configuration not using port 843 is not providing any useful help to us.
Here is the scenario:
Flex apps are served from domain www.a.com in to users browsers via http. The apps then make socket connections to domain www.b.com:80 where there are php scripts serving json data to the flex apps via port 80 using http(we use sockets because we need to set and read back http headers). The problem is the flex apps cannot make socket connections to the www.b.com domain without errors like below(unless we setup a socket policy server on port 843 of www.b.com, in which case everything works):
Warning: Timeout on xmlsocket://www.b.com:80 (at 3 seconds) while waiting for socket policy file. This should not cause any problems, but see http://www.adobe.com/go/strict_policy_files for an explanation.
Error: Request for resource at xmlsocket://www.b.com:80 by requestor from http://www.a.com/bin-debug/DownloadManagerFlex.swf is denied due to lack of policy file permissions.
Error: Request for resource at xmlsocket://www.b.com:80 by requestor from http://www.a.com.us/bin-debug/DownloadManagerFlex.swf is denied due to lack of policy file permissions.
Since we cannot use port 843 for the socket policy file server, we setup the socket policy server on a different ip in the same domain: spf.b.com:80 (using the sample perl code Adobe provides), and per the docs(cited below), use
Security.loadPolicyFile("xmlsocket://spf.b.com:80") before we invoke "socket.connect", to supposedly tell the flash player to check there for the socket policy file. The problem, as you can see from the error log, is that the
No matter what we do or how we set things up, we cannot get the flash player to recognize the
loadPolicyFile(), it always wants to go to the port were making the socket connection on. It is unclear how to properly configure the flex app, socket policy file and crossdomain file for the above scenario. The docs allude to being able to serve the socket policy file from a different port 80 in the same domain as the socket connection were trying to make, but were having no luck with that.
->Can anyone shed some light on how to make this work or what are we missing/doing wrong? Also, if we can get this to work, are we stuck with a 3 second delay because this(very large) customer is blocking port 843?
As an aside, the documentation for all this is a bit scattered, unclear and contrdictory:
One document says:(http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_07.html)
"This warning usually means one of two things: first, that you need to set up a socket policy file server on port 843, which is the first location that Flash Player checks by default; or second, that you need to provide more explicit guidance to Flash Player from ActionScript by calling
loadPolicyFileto indicate the location of a socket policy file. When you call
loadPolicyFilerather than allowing Flash Player to check locations by default, Flash Player will wait as long as necessary for a response from a socket policy file server, rather than timing out after 3 seconds."
Another document says(http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html):
"If an ActionScript
Security.loadPolicyFile() command exists within the SWF file, then the Flash Player runtime checks that location. Flash Player checks the destination of the
loadPolicyFile() only after it has checked the master policy file on port 843 for permission to acknowledge other policy files. If the developer has not specified a
loadPolicyFile() command, then Flash Player checks the destination port of the connection."