Hey guys,

Im trying to set up cross domain policy so that my swf on "servA.com" can post to "servb.com". My crossdomain.xml file looks like this:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*"/>
</cross-domain-policy>

When i run my swf, i get thsi error:
Error: [strict] Ignoring policy file at http://servb.com/crossdomain.xml due to missing Content-Type. See http://www.adobe.com/go/strict_policy_files to fix this problem.

does anyone have any insight?

Thanks

after some heavy reading, and some help from a coworker, I discovered that servb.com does not return a content type for the crossdomain.xml file, which the flash player doesn't like.

Unfortunately, we are using a simplified, proprietary web server, and we cannot change the content type (it will require a code change to allow this, and that wont happen any time soon), killing this project....

Unless, someone knows of a way around this strict Content Type checking?

I do not know of a way around the content type checking, but what about a proxy > append info. > redirect approach.

So in php parlance you would write this:

<?php
header('Content-Type: text/xml');
$url = '{MY VARIABLE URL}';
$content = file_get_contents($url);
echo $content;
?>

And you would direct all server calls through whatever URL you post this script to, along with {MY VARIABLE URL}.

As with all proxies there are downsides to this approach, but at least you would be able to keep the project alive.


_________

Exemplars Gallery (http://www.exemplars-gallery.com)

I'm in the same situation as the OP.
Since I don't know PHP yet, can you give some pointers on how to implement the redirect? Is it necessary to install a small PHP server?

Hello jhs,

First up, I should say that this is really a last resort; something I would do until I could find a proper solution. Certainly, if you have/are expecting a lot of traffic, this approach would be a bottleneck.

It is also just a suggestion, because I have not used it myself.

With those two points out of the way...

PHP is absolutely not required. Any server-side code will do. What you are looking to do is intercept the server request, append some extra information, and then make the request to the correct url.

Do you have a preferred server-side language? If so, let me know, and I'll probably be able to provide an equivalent code snippet etc.

Also, if anyone else has some alternate ideas, or have applied this approach, I would be interested to hear about it.

Hi.

>>First up, I should say that this is really a last resort; something I would do until I could find a proper solution. Certainly, if you have/are expecting a lot of traffic, this approach would be a bottleneck.

Yes, I understand that it would be a hack, but as things are it seems it may be the only solution.
However, I only need to append content-type to 1 file per application-run (the xml policy file): if the redirect can only be applied globally (as in, the whole server being redirected from the hack-application), then I have a major problem. If I can apply the redirect only to that single file, It shouldn't reduce overall performance.

>>PHP is absolutely not required. Any server-side code will do. What you are looking to do is intercept the server request, append some extra information, and then make the request to the correct url.
In not particularly scared of PHP (IIRC the syntax is similar to Java, right?). It's just that I never coded/implemented any PHP solution, so I would need some pointers. As for other server-side code, I don't have much experience.

In any case, thanks for the help so far

Hello,

>>However, I only need to append content-type to 1 file per application-run (the xml policy file): if the redirect can only be applied globally (as in, the whole server being redirected from the hack-application), then I have a major problem. If I can apply the redirect only to that single file, It shouldn't reduce overall performance.

The approach gets the information from the other server, and then runs it on the server your .swf file resides. Meaning that it looks to the crossdomain file that the content is on the same server as it is. So the word 'redirect' is really not that accurate.

>>In not particularly scared of PHP (IIRC the syntax is similar to Java, right?). It's just that I never coded/implemented any PHP solution, so I would need some pointers. As for other server-side code, I don't have much experience.

Cool. Well php would need to be up-and-running.

Once php is working you can take the code snippet, save it as someFileName.php, and upload it to an appropriate directory on Server A.

In flex, you would just need to send any requests via the php file. (There are a few good examples that illustrate flex/php communication. This one is quite often quoted: http://blogs.adobe.com/mikepotter/2006/02/flex_and_php_a_1.html .)

If you only ever get information from one address at Server B, {MY VARIABLE URL} can be replaced with that address. If not you would need to append the URL to the information you send to your php script. You will also need to make the script realise it is receiving a variable. The way to do this is outlined in Mike Potter's example (see the mx:request in flex, and POST_ in php).

Serving the php on a different server was easy to do, and I stopped getting policy file errors such as missing content-type.
It seems it is just the the same as putting a loadPolicyFile("serverB/crossdomain.xml") on my flash (loaded from serverA)., so I can get XML-RPC responses from serverC.

serverB/crossdomain.xml:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" /> <!-- first is "*" for testing purposes -->
</cross-domain-policy>


However, even If I stopped getting the policy file errors, I still get the #2044 error...
Did I just misunderstood something very basic??

Hi,

2044 errors come with "unhandled {x,y,z}" messages. If yours is unhandled IO etc., your .swf is looking for a file and getting no response.

My error is "Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://my.serverA.foo.swf cannot load data from http://my.serverC:PORT"

Which is what policy files are for, I think.

Hi,

Checking:

1. Is the php proxy file on the same server as your .swf?
2. Is the crossdomain.xml file on this server as well?
3. Does your flex code reference the php proxy file?

4. Does the php proxy file reference the server you want to get the information from?

Hi.

1 - The proxy file is on a different server (server B) than the swf (server A), and the swf has a loadPolicyFile( serverB/*[php/xml] ) See point 2 for the "*" explanation. Maybe that's the problem?

2 - I've tried 2 different approaches:
- 2.a - putting the proxy file from server B getting the crossdomain.xml from server A (the swf one);
- 2.b - from the swf, using directly loadPolicyFile( serverB/crossdomain.xml );

3- yes

4- the proxy file (2.a) is
<?php
header('Content-Type: text/xml');
$url = 'serverA/crossdomain.xml';
$content = file_get_contents($url);
echo $content;
?>

with 2.a and 2-b, the crossdomain file always has a <cross-domain-policy>

<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="all />
</cross-domain-policy>

as a 1st step.

Hi,

The problem is that we are looking to apply the header('Content-Type: text/xml'); to the content you are looking to retrieve and not the crossdomain file.

The crossdomain file caused a problem in the first instance, because it was looking for header information and seeing that there was some missing. The idea is to make sure that the header information the crossdomain file requires is attached to the content itself.

If you try:

1. Placing the php proxy file on the same server as your .swf
2. Placing the crossdomain.xml file on this server as well
3. Configuring the php file as follows:

<?php
header('Content-Type: text/xml');
$url = 'serverB/myContentFile';
$content = file_get_contents($url);
echo $content;
?>

If you are interested to see a little more about what the php script is doing, this is a good first port of call http://uk.php.net/file_get_contents