Problem with policy file for ActionScript 3 XMLSocket

Question

we've developed a tailored server in .NET to host some basic chat/IM functions for our website, and the client is written in Flex (AS3) using XMLSocket.

Now we have 2 servers, one dedicated to purely sending policy files, and one handling IM/Chat functions.

Problem is, we can see the client connecting, the policy file is sent, but then Flash ignores the policy file and requests it again from our chat/IM server.

Policy file:

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="*" to-ports="*" secure="false"/>
</cross-domain-policy>

Policy server:

Server.LogMessage("Policy Server: Serving policy file.");
            TcpListener listener = (TcpListener)ar.AsyncState;
            Socket client = listener.EndAcceptSocket(ar);
            NetworkStream ns = new NetworkStream(client);
            StreamReader sr = new StreamReader(ns);
            StreamWriter sw = new StreamWriter(ns);

            sr.Read();
            //Send policy
            sw.Write(Server.EncodeString(Server.xmlPolicyFile.OuterXml) + "\0");
            sw.Flush();
            ns.Flush();
            //Cleanup
            sw.Close();
            sr.Close();
            ns.Close();
            //Do it again!
            tcl.BeginAcceptSocket(AcceptCallback, tcl);

Answer 1

Cross Domain Policy only works for the server its on... you can't have a server serving up the policy for a different server... what would stop a villain creating a policy for your machine and stealing your data.

You'll need to have the policy served from the correct server.

Answer 2

Thanks Gergor but what I meant is that we opened one server dedicated to sending out policy files and one to handle actual connections (both on the same machine).

Problem was that you need to immediately send the policy file without doing anything else on the policy server.