I'm a Java developer who just recently started playing with actionscript3 / flash and have been really enjoying.

I've started making a flash based game, and decided I wanted to add network support to it. To learn the initial ropes of the networking side of flash I decided to make a test page that would act as a chat room. Everything works perfect if I'm on my own box...but if its anywhere else a security sandbox error is throw and the swf doesn't connect. This flash security policy stuff is kicking my butt all over the place. :confused:

This is what I have...
-Tomcat running on port 80, serving the swf file
-a java socket server running on port 8080 that keeps all the connections and broadcasts messages as needed (for a new person entering / leaving the channel)

So I think I understand that since the swf is on port 80 from my IP that it needs a cross domain policy to be able to access the socket on port 8080. I know theres a socket or http based request methods, I would prefer to do it via http.

I put the file "crossdomain.xml" file in my root directory of the webserver, so that http://xx.xx.xx.xx/crossdomain.xml will actually display in the broswer.

I've put the load policy file directly before the socket creation / connection...ex:
Security.loadPolicyFile("http://xx.xx.xx.xx/crossdomain.xml");
mySocket = new Socket();

I type the url pointing to the html file flex created:
http://xx.xx.xx.xx/test.html
into IE to display the swf. Like I said...everything works perfectly opening multiple client connections on my computer. Anything off my computer (lan or internet) will not work though...everything comes back with a security error. (Error #2044: Unhandled SecurityErrorEvent:. text=Error #2048: Security sandbox violation).

Just in plain frustration I tried calling Security.allowDomain("*") which I dont think I need...but that too failed.

Any suggestions on how to get this http request policy working would be greatly appreciated...I guess in the mean time since I'm somewhat at a deadend I'll try the socket based policy request...but I would like to know what exactly I did wrong for the http one. Thanks.

Just to give anyone else who might have a similar problem...I just finished the socket based policy retrieval system. Everything works as it should!

Tomcat on port 80 hosting the html/swf
socket server (apache Mina) running the chat listener on port 8080 and also on port 8081 for the flash policy file request from the swf.

All I had to do in the swf to load it is this line of code:

Security.loadPolicyFile("xmlsocket://xx.xx.xx.xx:8081");
mySocket = new Socket();
...
(add event listeners)
...
mySocket.connect("xx.xx.xx.xx", 8080);


...obviously xx.xx.xx.xx is my ip.

As far as the policy file...I just made a very simple one allowing any domain and all ports from 1024 and up:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*" />
</cross-domain-policy>

Just make sure you end your xml with a null char (per the flash policy protocol) and close the connection after you send it.

Anyway...I would still love to know if anyone has ideas why the HTTP policy request failed for me. I know it was the old way to do this and was included for backward compatability...but I thought it would still work just as easy. But I'm just glad I got this stupid policy stuff working...:)

Hello!

I have exactly the same problem as you. I am trying the same, loading the policy file with xmlsocket as you did but I can't get it work.... How does your Java code look like??

thank you!!

tamarinda

Hello!

I have exactly the same problem as you. I am trying the same, loading the policy file with xmlsocket as you did but I can't get it work.... How does your Java code look like??

thank you!!

tamarinda
I know this is a little late.

But, in case anyone who is looking for a solution lands on this page, here's my suggestion.

Even I faced the same problem during one of the projects I worked on for my Company.
I finally managed to figure out that the problem was with the server-side code.
The python script( in our case) that we were using used to just broadcast the cross-domain on 'connect' immediately.
We later modified it to send the cross-domain xml on receiving some response from the client socket( in this case the <policy-file-request /> string), lo and behold!
Alchemy happened & the socket started connecting perfectly every single time.

You can check if this is same problem with you by doing a telnet to the port serving cross-domain xml. On pressing Enter, if the cross-domain xml appears immediately then that implies that the server-side script is not waiting for any input from the client.

Also, in case you are checking the input received from the client to be <policy-file-request /> then ensure the case of the string & that no other character( null character or an extra space) is being received.

Hope this helps!

Hello,

This thread is intertesting to me in that I am (still) having a similar problem, and if you'll allow me, to0 just mention my experiences to see if the collective experts (I'm a 3 week Flash/Actionscript newbie!) can spot anything in my assumptions.

We are utilising Flash player v10 - and from after reading lots and lots of articles on the adobe.com site along with various other websites, this one included, that there is a significant change in the way the policy files are interpreted by flash 10 compared to flash 9 - is this something I am correct in believing?

Our application is a flash based UI, running in the standalone player, loading via a web server running on localhost the swf file (export option 'network only') and it's assets (graphics/720p video's etc). The application then requires to open a socket connection for comminication/interactivity, which is also on localhost (port 5331). We have a policy deamon running on localhost, port 843 (the example python script from the adobe.com site).

My issue is that I can configure the policy as:

<cross-domain-policy>
<allow-access-from domain="localhost"/>
</cross-domain-policy>

and I can start the flash, and while the initial application comes up, including loading of various assets, an error message is shown indicating security sandbox violation attempting connection to port 5331.

If I modify the policy file to include ' to-ports="5331" ' when I start the application, I immediately get a sandbox security violation!

Should the policy deamon on port 843 get two requests? one for the URL, and one for socket? (I only see one request - or believe I do)

As always in development... this application is needed to be working for a trade show which is looming very shortly on the horizon!

Any help, greatfully received.

Richard