Flash policy file not working (same domain, different port)

StackOverflow https://stackoverflow.com/questions/14501071

  •  17-01-2022
  •  | 
  •  

Question

I'm at a loss. I can't figure out why Flash is not loading my policy file properly. I'm testing this from the Flash Debugger. 

I've also tried from http://127.0.0.1:80/game (it sends a request to http://127.0.0.1:3014/socket.io/1/).

          Security.loadPolicyFile('xmlsocket://127.0.0.1:843');

          var r:URLRequest = new URLRequest();
          r.url = httpProtocal+"://" + domain + "/socket.io/1/?time=" + new Date().getTime();
          r.method = URLRequestMethod.POST;
          var ul:URLLoader = new URLLoader(r);
          ul.addEventListener(Event.COMPLETE, onDiscover);
          ul.addEventListener(HTTPStatusEvent.HTTP_STATUS, onDiscoverError);
          ul.addEventListener(IOErrorEvent.IO_ERROR , onDiscoverError);

The error:

> webSocketLog: policy file: xmlsocket://127.0.0.1:843 Error #2044:
> Unhandled securityError:. text=Error #2048: Security sandbox
> violation: file:///ude/game/bin-release/Game.swf cannot load data from
> http://127.0.0.1:3014/socket.io/1/?time=1359025067289.    at
> com.pnwrain.flashsocket::FlashSocket()

Yet this works:

> echo -ne '<policy-file-request/>\0' | nc -v 127.0.0.1 843  

Connection to 127.0.0.1 843 port [tcp/*] succeeded!
<?xml version='1.0' ?>
<!DOCTYPE cross-domain-policy SYSTEM 'http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd'>
<cross-domain-policy>
    <allow-access-from domain='*' to-ports='*' />
</cross-domain-policy>

Specifying the absolute path to the crossdomain.xml doesn't work either. I can load this file in my browser.

> webSocketLog: policy file: http://127.0.0.1:843/crossdomain.xml
> Error #2044: Unhandled securityError:. text=Error #2048: Security
> sandbox violation: file:///ude/game/bin-release/Game.swf cannot load
> data from http://127.0.0.1:3014/socket.io/1/?time=1359025126138.  at
> com.pnwrain.flashsocket::FlashSocket()

Not even this works (solution from a very popular blog post):

import flash.system.Security; Security.allowDomain("http://127.0.0.1");

Here's the debugger policy file log:

> OK: Root-level SWF loaded:
> file:///ude/game/bin-release/Game.swf
> OK: Searching for <allow-access-from> in policy files to authorize
> data loading from resource at
> http://127.0.0.1:3014/socket.io/1/?time=1359026453454 by requestor
> from
> file:///ude/game/bin-release/Game.swf
> Error: [strict] Ignoring policy file at
> http://127.0.0.1:3014/crossdomain.xml due to missing Content-Type. 
> See http://www.adobe.com/go/strict_policy_files to fix this problem.
> Error: Request for resource at
> http://127.0.0.1:3014/socket.io/1/?time=1359026453454 by requestor
> from
> file:///ude/game/bin-release/Game.swf
> is denied due to lack of policy file permissions. Warning: HTTP
> response headers not available on this platform.  Strict policy file
> rules cannot be enforced. OK: Policy file accepted:
> http://127.0.0.1:843/crossdomain.xml

The interesting part here is that the OK: Policy file accepted message comes AFTER the errors, even though I'm calling: 

Security.loadPolicyFile('http://127.0.0.1:843/crossdomain.xml');

before the URLRequest. So I moved the URLRequest into a setTimeout, and now the log says:

> OK: Root-level SWF loaded:
> file:///ude/game/bin-release/Game.swf
> Warning: HTTP response headers not available on this platform.  Strict
> policy file rules cannot be enforced. OK: Policy file accepted:
> http://127.0.0.1:843/crossdomain.xml OK: Searching for
> <allow-access-from> in policy files to authorize data loading from
> resource at http://127.0.0.1:3014/socket.io/1/?time=1359028255268 by
> requestor from
> file:///ude/game/bin-release/Game.swf
> Error: [strict] Ignoring policy file at
> http://127.0.0.1:3014/crossdomain.xml due to missing Content-Type. 
> See http://www.adobe.com/go/strict_policy_files to fix this problem.

So, it seems to have loaded the 843 policy file fine, but then tries to load the port 3014 policy file (maybe checking for a sub-policy file?). Which is just a socket.io HTML page saying 'Welcome to socket.io'. It doesn't seem like it should fail for that reason..

I get this in the debugger alert:

Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: file:///ude/game/bin-release/Game.swf cannot load data from http://127.0.0.1:3014/socket.io/1/?time=1359028255268.
    at MethodInfo-3642()
    at Function/http://adobe.com/AS3/2006/builtin::apply()
    at SetIntervalTimer/onTimer()
    at flash.utils::Timer/_timerDispatch()
    at flash.utils::Timer/tick()

Any ideas much appreciated. Thank you!

Was it helpful?

Solution

I am not pro at policy files but this looks suspicious:

Error: [strict] Ignoring policy file at http://127.0.0.1:3014/crossdomain.xml due to missing Content-Type. See http://www.adobe.com/go/strict_policy_files to fix this problem.

Seems like policy file is ignored because it has no or invalid Content-Type header.

From Adobe:

Starting in version 9,0,115,0, Flash Player will ignore any HTTP policy file that is not sent with a Content-Type value that gives some assurance that the file is intended to be a text file. Flash Player requires that a policy file's Content-Type must be one of the following:

  • text/* (any text type)
  • application/xml or application/xhtml+xml

And this:

If you find that you need to solve a Content-Type issue, be sure to also consult the section on meta-policies, because a common way to choose a meta-policy is to designate the special Content-Type of text/x-cross-domain-policy for all policy files, which may solve two problems at once—establishing a meta-policy and providing a textual Content-Type.

Also check you server why HTTP response headers are not available:

Warning: HTTP response headers not available on this platform. Strict policy file rules cannot be enforced.

Hope this helps.

OTHER TIPS

The key for a succesfull connection and policy validation is:

1) Have a crossdomain.xml file in the same folder as your socket.io script.

2) Serve this crossdomain.xml through http in the same host:port where the socket.io server is running.

3) To achieve this you need to install the express framework besides socket.io. Using express and socket.io you can serve the crossdomain.xml through http and the connection sockets at the same time on the same port.

4) With this method, flash can find crossdomain.xml in the location in which initially seeks this policy file (the same host:port), avoiding the need to load a policy file from flash manually (you can disable loadPolicyFile)

Would be something like this:

var app = require('express')();
var server = require('http').createServer(app);
var io = require('socket.io').listen(server);

app.get('/crossdomain.xml', function (req, res) {
  console.log("request ... " + __dirname);
  res.sendfile(__dirname + '/crossdomain.xml');
});

server.listen(port, "ip");
console.log("socket.io server started");
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top