Trouble getting Flash socket policy file to work

2
votes

Basically I'm using Flash to connect to a Java server.

Despite my Java application replying to the <policy-file-request/>, in the Flash debug log it lists (not sure about the order as there are lots):

* Security Sandbox Violation *

Connection to 192.168.1.86:4049 halted - not permitted from http://127.0.0.1:8888/Current/wander.swf

Warning: Timeout on xmlsocket://192.168.1.86:4049 (at 3 seconds) while waiting for socket policy file. This should not cause any problems, but see http://www.adobe.com/go/strict_policy_files for an explanation.

Error: Request for resource at xmlsocket://192.168.1.86:4049 by requestor from http://127.0.0.1:8888/Current/wander.swf is denied due to lack of policy file permissions.

What I don't understand is, the server (port 4049) receives the request, outputs the policy file (appends null byte) and then closes the connection, surely it shouldn't time out?

The policy file I'm using is:

<?xml version="1.0"?>
<cross-domain-policy><allow-access-from domain="*" to-ports="*" />
</cross-domain-policy>
2
flashfile
"outputs the policy file (appends null byte) and then closes the connection". why do you close it? - back2dos

2 Answers

0
votes

Alex, Two things you might additionally need to do. I don't think the specification actually states that you need to have these things in place, but I can't ever seem to get past socket policy file exceptions until I've done them.

  1. Listen to <policy-file-request/> calls on port 843, and respond to them in the same way as you do on port 4049.
  2. Put an http cross domain policy at http://192.168.1.86/crossdomain.xml

There are more details here: http://www.adobe.com/cn/devnet/flashplayer/articles/socket_policy_files.html

... but I guess you've already read that.

0
votes

In a 'howto' I've seen that the response must not contain the xml version tag. Just the cross-domain-policy tag.