Crossdomain.xml windows xp location?

im in progress making a simple desktop app where im going to play radio streaming on it.
im streaming the radio using FLV Player in my Windows XP SP2 PC.
For the app, im using a swf player from Fun SoundPlayer Maker.
The problem is, when im pressing the PLAY button, flash will popup stating about security settings.
I've search around, and it was about Crossdomain.xml, but i dont know where to put the file in my Windows XP Sp2 PC.
Can somebody tell me where sholud i put it and how to make my SWF collect data from it?
Its really frustrating....

Theoretically if you want to control subdirectories - you need to place crossdomain.xml into the topmost directory you want to protect. In your case it may be:
www.mysite.com/content/website1/crossdomain.xml
With that said, Flash will strill attempt to load xml from the root - you need to load policy explicitly:
Security.loadPolicy("www.mysite.com/content/website1/crossdomain.xml");

Similar Messages

  • IOError in IE but not in Firefox (possible crossdomain.xml problem)

    Yesterday, I hopefully debugged a problem that is occuring for our application in IE but not in Firefox.
    It has to do with accessing remote content from a separate domain.
    In every aspect it APPEARS to be a crossdomain.xml issue but the fact that this issue only arrises in IE is what has prompted me to post here.
    We have a solution in the works (bureaucratically speaking) but I want to double check here.
    Our application is on domain "a.domain".
    It access an xml file on "b.domain/xml/".
    And finally (this is the tricky part) it also accesses an xml file at "b.domain/forwardingPath/" which is actually forwarded to "c.domain/xml/".
    The crossdomain.xml is located at "b.domain/crossdomain.xml".
    The request for "b.domain/xml/anXMLFile.xml" works without any problem.
    The request for "b.domain/forwardingPath/anotherXMLFile.xml" succeeds in Firefox but not in IE (remember, the ACTUAL request is forwarded to "c.domain/xml/anotherXMLFile.xml").
    In IE I get an IOError.
    I believe we need an appropriate crossdomain.xml file also located at "c.domain/crossdomain.xml" and have put in that request.  What I want to confirm is whether this understanding is correct.  I am not a server-side person at all.  It's all elves and fairies to me.  And then finally, why the hell is this behavior inconsistent between IE and Firefox?  Is the Firefox version of flash player violating its own security standards?!
    I am cross-posting this at stack overflow.  http://stackoverflow.com/questions/7395931/ioerror-in-ie-but-not-in-firefox-possible-cross domain-xml-problem

    I've pinged our developers about this and here's what they have to say:
    "We did some work for the plugin around redirects andhence the correct behavior on Firefox.
    AFAIK, on IE we don't get notified of the redirect and can't participate in making security decisions during redirect scenarios. This behavior is out of our control.
    There is a workaround documented in the AS3docs here: http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/system/LoaderCont ext.html#checkPolicyFile
    Here is the pertinent paragraph:
    Be careful with checkPolicyFile if you are downloading anobject from a URL that may use server-side HTTP redirects. Policy files arealways retrieved from the corresponding initial URL that you specify inURLRequest.url. If the final object comes from a different URL because of HTTPredirects, then the initially downloaded policy files might not be applicableto the object's final URL, which is the URL that matters in security decisions.If you find yourself in this situation, you can examine the value ofLoaderInfo.url after you have received a ProgressEvent.PROGRESS orEvent.COMPLETE event, which tells you the object's final URL. Then call theSecurity.loadPolicyFile() method with a policy file URL based on the object'sfinal URL. Then poll the value of LoaderInfo.childAllowsParent until it becomes true."
    Chris

  • HTTPService and crossdomain.xml doesn't work as expected

    My charting application gets its data through HTTPService over the internet:
    <HTTPService id="srv" url="http:myserver1.com/tools/xml/data.aspx?name=bob"/>
    and it works fine when I launch the application from my the  bin-release folder of my development environment (Flash Builder 4.6) or from the location http:myserver1.com/xml.
    But when I launch it from http:myserver2.com/charts, which is on the same windows domain as myserver2.com, the chart is empty (it gets no data) although a have this test version of CrossDomain.xml in the root dir of myserver1.com/tools:
    <?xml version="1.0" ?> <cross-domain-policy> <allow-access-from domain="*" /> </cross-domain-policy>
    I have also, as suggested by Gregory Lafrance on Sep 5, 2010, set the --use-network=true compiler option although it is true as default.
    What do I miss? Your advice will be received with gratitude.

    I don't get any error messages. The chart is shown but it is empty.
    Bo

  • Multiple plugtmp-1 plugtmp-2 etc. in local\temp folder stay , crossdomain.xml and other files containing visited websitenames created while private browsing

    OS = Windows 7
    When I visit a site like youtube whith private browsing enabled and with the add-on named "shockwave flash" in firefox add-on list installed and activate the flashplayer by going to a video the following files are created in the folder C:\Users\MyUserName\AppData\Local\Temp\plugtmp-1
    plugin-crossdomain.xml
    plugin-strings-nl_NL-vflLqJ7vu.xlb
    The contents of plugin-crossdomain contain both the "youtube.com" adress as "s.ytimg.com" and is as follows:
    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    -<cross-domain-policy> <allow-access-from domain="s.ytimg.com"/> <allow-access-from domain="*.youtube.com"/> </cross-domain-policy>
    The contents of the other file I will spare you cause I think those are less common when I visit other sites but I certainly don't trust the file. The crossdomain.xml I see when I visit most other flashpayer sites as well.
    I've also noticed multiple plugin-crossdomain-1.xml and onwards in numbers, I just clicked a youtube video to test, got 6 of them in my temp plus a file named "plugin-read2" (no more NL file cause I changed my country, don't know how youtube knows where I'm from, but that's another subject, don't like that either). I just noticed one with a different code:
    <?xml version="1.0"?>
    -<cross-domain-policy> <allow-access-from domain="*"/> </cross-domain-policy>
    So I guess this one comprimises my browsing history a bit less since it doesn't contain a webadress. If these files are even meant to be deposited in my local\temp folder. The bigger problem occurs when they stay there even after using private browsing, after clearing history, after clearing internet temporary files, cache, whatever you can think of. Which they do in my case, got more than 50 plugtmp-# folders in the previous mentioned local\temp folder containing all website names I visited in the last months. There are a variety of files in them, mostly ASP and XML, some just say file. I have yet to witness such a duplicate folder creation since I started checking my temp (perhaps when firefox crashes? I'd say I've had about 50 crashes in recent months).
    I started checking my temp because of the following Microsoft Security Essential warnings I received on 23-4-12:
    Exploit:Java/CVE-2010-0840.HE
    containerfile:C:\Users\Username\AppData\Local\Temp\jar_cache2196625541034777730.tmp
    file:C:\Users\Username\AppData\Local\Temp\jar_cache2196625541034777730.tmp->pong/reversi.class
    and...
    Exploit:Java/CVE-2008-5353.ZT
    containerfile:C:\Users\Noname\AppData\Local\Temp\jar_cache1028270176376464057.tmp
    file:C:\Users\Noname\AppData\Local\Temp\jar_cache1028270176376464057.tmp->Testability.class
    Microsoft Security Essentials informed me that these files were quarantained and deleted but when going to my temp file they were still there, I deleted them manually and began the great quest of finding out what the multiple gigabytes of other files and folders were doing in that temp folder and not being deleted with the usual clearing options within firefox (and IE).
    Note that I have set my adobe flasplayer settings to the most private intense I could think of while doing these tests (don't allow data storage for all websites, disable peer-to peer stuff, don't remember exactly anymore, etc.). I found it highly suspicious that i needed to change these settings online on an adobe website, is that correct? When right-clicking a video only limited privacy options are available which is why I tried the website thing.
    After the inital discovery of the java exploit (which was discovered by MSE shortly after I installed and started my first scan with Malwarebytes, which in turn made me suspicious whether I had even downloaded the right malwarebytes, but no indication in the filename if I google it). Malwarebytes found nothing, MSE found nothing after it said it removed the files, yet it didn't remove them, manually scanning these jar_cache files with both malwarevytes and MSE resulted in nothing. Just to be sure, I deleted them anyways like I said earlier. No new jar_cache files have been created, no exploits detected since then. CCleaner has cleaned most of my temp folder, I did the rest, am blocking all cookies (except for now shortly), noscript add-on has been running a while on my firefox (V 3.6.26) to block most javascripts except from sites like youtube. I've had almost the same problem using similar manual solutions a couple of months ago, and a couple of months before that (clearing all the multiple tmp folders, removing or renaming jar_cache manually, running various antmalware software, full scan not finding a thing afterwards, installing extra add-ons to increase my security, this time it's BetterPrivacy which I found through a mozilla firefox https connection, I hope, which showed me nicely how adobe flash was still storing LSO's even after setting all storage settings to 0 kb and such on the adobe website, enabling private browsing in firefox crushed those little trolls, but still plugtmp trolls are being created, help me crush them please, they confuse me when I'm looking for a real threat but I still want to use flash, IE doesn't need those folders and files, or does it store them somewhere else?).
    I'm sorry for the long story and many questions, hope it doesn't scare you away from helping me fight this. I suspect it's people wanting to belong to the hackergroup Anonymous who are doing this to my system and repeating their tricks (or the virus is still there, but I've done many antivirus scans with different programs so no need to suggest that option to me, they don't find it or I run into it after a while again, so far, have not seen jar_cache show up). Obviously, you may focus on the questions pertaining firefox and plugtmp folders, but if you can help me with any information regarding those exploits I would be extremely grateful, I've read alot but there isn't much specific information for checking where it comes from when all the anti-virus scanners don't detect anything anymore and don't block it incoming. I also have downloaded and installed process monitor but it crashes when I try to run it. The first time I tried to run it it lasted the longest, now it crashes after a few seconds, I just saw the number of events run up to almost a million and lots of cpu usage. When it crashed everything returned back to normal, or at least that's what I'm supposed to think I guess. I'll follow up on that one on their forum, but you can tell me if the program is ligit or not (it has a microsoft digital signature, or the name micosoft is used in that signature).

    update:
    I haven't upgraded my firefox yet because of a "TVU Web Player" plugin that isn't supported in the new firefox and I'm using it occasionally, couldn't find an upgrade for it. Most of my other plugins are upgraded in the green (according to mozilla websitechecker):
    Java(TM) Platform SE 6 U31 (green)
    Shockwave for Director (green - from Adobe I think)
    Shockwave Flash (green - why do I even need 2 of these adobe add-ons? can I remove one? I removed everything else i could find except the reader i think, I found AdobeARM and Adobe Acrobat several versions, very confusing with names constantly switching around)
    Java Deployment Toolkit 6.0.310.5 (green, grrr, again a second java, why do they do this stuff, to annoy people who are plagued with java and flash exploits? make it more complicating?)
    Adobe Acrobat (green, great, it's still there, well I guess this is the reader then)
    TVU Web Player for FireFox (grey - mentioned it already)
    Silverlight Plug-In (yellow - hardly use it, I think, unless it's automatic without my knowing, perhaps I watched one stream with it once, I'd like to remove it, but just in case I need it, don't remember why I didn't update, perhaps a conflict, perhaps because I don't use it, or it didn't report a threat like java and doesn't create unwantend and history compromising temp files)
    Google Update (grey - can I remove? what will i lose? don't remember installing it, and if I didn't, why didn't firefox block it?)
    Veetle TV Core (grey)
    Veetle TV Player (grey - using this for watching streams on veetle.com, probably needs the Core, deleted the broadcaster that was there earlier, never chose to install that, can't firefox regulate that when installing different components? or did i just miss that option and assumed I needed when I was installing veetle add-on?)
    Well, that's the list i get when checking on your site, when i use my own browseroptions to check add-ons I get a slightly different and longer list including a few I have already turned off (which also doesn't seem very secure to me, what's the point in using your site then for anything other than updates?), here are the differences in MY list:
    I can see 2 versions of Java(TM) Platform SE 6 U31, (thanks firefox for not being able to copy-paste this)
    one "Classic Java plug-in for Netscape and Mozilla"
    the other is "next generation plug-in for Mozilla browsers".
    I think I'll just turn off the Netscape and Mozilla one, don't trust it, why would I need 2? There I did it, no crashes, screw java :P
    There's also a Mozilla Default plugin listed there, why does firefox list it there without any further information whether I need it or not or whether it really originates from Mozilla firefox? It doesn't even show up when I use your website plugin checker, so is there no easy way by watching this list for me to determin I can skip worrying about it?
    There's also some old ones that I recently deactivated still listed like windows live photo gallery, never remember adding that one either or needing it for anything and as usual, right-clicking and "visit homepage" is greyed out, just as it is for the many java crap add-ons I encountered so far.
    Doing a quick check, the only homepage I can visit is the veetle one. The rest are greyed out. I also have several "Java Console" in my extentions tab, I deactivated all but the one with the highest number. Still no Java Console visible though, even after going to start/search "java", clicking java file and changing the settings there to "show" console instead of "hide" (can't remember exact details).
    There's some other extentions from noscript, TVU webplayer again, ADblock Plus and now also BetterPrivacy (sidenote, a default.LSO remains after cleanup correct? How do I know that one isn't doing anything nasty if it's code has been changed or is being changed? To prevent other LSO's I need to use both private browsing and change all kinds of restrictions online for adobe flashplayer, can anyone say absurd!!! if you think you're infected and want to improve your security? Sorry that rant was against Adobe, but it's really against Anonymous, no offense).

  • Where to place crossdomain.xml in SAP ECC IDES?

    Hi,
    I have a flex application which uses webservices generated in SAP IDES system. This flex app is stored in portal server. Since the physical servers are involved, I get a security error message, which says, "Security error accessing url". I browsed through the net and found that, we have to place a crossdomain.xml file in the web root folder of the server from where we are fetching the data. In my case, it would be SAP IDES system.
    I wanted to know where do I place this xml file in IDES? What would be it's location and how can I generate a URL to access this xml file?
    Please let me know about this, if anyone has done this before.
    Appreciate your help.
    Thank you,
    Warm regards,
    Deepak

    Hi Durairaj,
    As mentioned in that thread, I created a BSP application in the server and loaded crossdomain.xml. It was accessible from the browser too.
    This is the xml code which is there in crossdomain:
    <?xml version="1.0" ?>
    <cross-domain-policy>
      <allow-access-from domain="*" />
      <site-control permitted-cross-domain-policies="all" />
      <allow-http-request-headers-from domain="*" headers="*" />
      </cross-domain-policy>
    But this did not solve my purpose
    I have my flex application in a server, servera.abc.com and I am using the webservices of another server, serverb.abc.com
    I uploaded the crossdomain.xml in serverb.abc.com, in the following path through a BSP application:
    http://serverb.abc.com:8000/sap/bc/bsp/sap/zroot/crossdomain.xml
    But I still get the 'security accessing url' message in flex. It doesn't load the wsdl.
    I'm also using this piece of code in initialize event of the application in flex:
                           private function initSecurity():void{
                        Security.allowDomain("*");
                        Security.loadPolicyFile("http://serverb.abc.com:8000/sap/bc/bsp/sap/zroot/crossdomain.xml");
                        Alert.show("crossdomain xml loaded....");
    Where am I going wrong here?

  • AS2 Crossdomain.xml and sendAndLoad

    I have a flash form with input text fields. I am sending the data to a 3rd party server. I can send the information via getURL but I want to send the data without opening a browser window so I am utilizing sendAndLoad. It works great locally but not through a browser (tested in IE and Firefox). I have verified that all the variables and urls are in the correct case, I have tried both Post and Get, I have tried network and local... Ugh! I am losing my hair on this one please help asap!!!
    Here is the file - click on the second image...
    http://www.axonmediagroup.com/adimag...directbuy.html
    Here is the code...
    on (release) {
    if (first_name.text.length == 0) {
    error.text = "** First Name Required **";
    } else if (last_name.text.length == 0) {
    error.text = "** Last Name Required **";
    } else if (address1.text.length == 0) {
    error.text = "** Address Required **";
    } else if (city.text.length == 0) {
    error.text = "** City Required **";
    } else if (state1.value == "") {
    error.text = "** State Required **";
    } else if (postal_code.text.length == 0) {
    error.text = "** Zip Required **";
    } else if (phone_home.text.length == 0) {
    error.text = "** Phone Required **";
    } else if (email.text.length == 0) {
    error.text = "** Email Required **";
    } else {
    System.security.loadPolicyFile('https://app.leadconduit.com/crossdomain.xml');
    var myloadVars:LoadVars = new LoadVars();
    myloadVars.RName = 'AxonMedia';
    myloadVars.AdReferenceID = '944E5433-F8B5-44FF-8085-E4A1D0D844E9';
    myloadVars.ReferenceID = '040E5D57-3A1A-412D-A1F4-B45BD48AE791';
    myloadVars.SUBID = 1;
    myloadVars.xxNodeId = '050l0tjhd';
    myloadVars.xxTest = 'true';
    myloadVars.Country = 'USA';
    myloadVars.first_name = first_name.text;
    myloadVars.last_name = last_name.text;
    myloadVars.SpouseName = SpouseName.text;
    myloadVars.address1 = address1.text;
    myloadVars.city = city.text;
    myloadVars.state1 = state1.selectedItem.label;
    myloadVars.postal_code = postal_code.text;
    myloadVars.phone_home = phone_home.text;
    myloadVars.email = email.text;
    trace(myloadVars);
    myloadVars.sendAndLoad("https://app.leadconduit.com/v2/PostLeadAction?",myloadVars,"POST");
    myloadVars.onLoad = function(success:Boolean) {
    if (success) {
    error.text = "Thank you for contacting us!";
    } else {
    error.text = "Error connecting to server.";
    Here is the code that works via browser...
    on (release) {
    if (first_name.text.length == 0) {
    error.text = "** First Name Required **";
    } else if (last_name.text.length == 0) {
    error.text = "** Last Name Required **";
    } else if (address1.text.length == 0) {
    error.text = "** Address Required **";
    } else if (city.text.length == 0) {
    error.text = "** City Required **";
    } else if (state1.value == "") {
    error.text = "** State Required **";
    } else if (postal_code.text.length == 0) {
    error.text = "** Zip Required **";
    } else if (phone_home.text.length == 0) {
    error.text = "** Phone Required **";
    } else if (email.text.length == 0) {
    error.text = "** Email Required **";
    } else {
    System.security.loadPolicyFile('crossdomain.xml');
    var RName = 'AxonMedia';
    var AdReferenceID = '944E5433-F8B5-44FF-8085-E4A1D0D844E9';
    var ReferenceID = '040E5D57-3A1A-412D-A1F4-B45BD48AE791';
    var TimeFrame = 0;
    var SUBID = 1;
    var xxNodeId = '050l0tjha';
    var xxTest = 'true';
    var Country = 'USA';
    var first_name = first_name.text;
    var last_name = last_name.text;
    var SpouseName = SpouseName.text;
    var address1 = address1.text;
    var city = city.text;
    var state1 = state1.selectedItem.label;
    var postal_code = postal_code.text;
    var phone_home = phone_home.text;
    var email = email.text;
    getURL("https://app.leadconduit.com/v2/PostLeadAction?", "_blank", "GET");
    error.text = "Thank you for your response!";
    }

    Sounds like the update for Flash 8 may help.

  • Crossdomain.xml and Reporting Services

    Hi,
    I'm trying to get my Flex application to call a webservice on a remote Reporting Services instance, but am running up against insummountable problems with the Flash Player's cross-site scripting security.
    Due to the way that Reporting Services works, there is no root folder (i.e. http://theserver/ doesn't actually exist anywhere in the filesystem) - so we cannot have a master policy file at that location.
    However, we have been able - through extensive fiddling of the SSRS web.config - to get an XML and/or ASPX file into the http://myserver/ReportServer/ subfolder and have the "X-Permitted-Cross-Domain-Policies: all" HTTP header returned along with the content.
    We are then calling Security.loadPolicyFile("http://theserver/ReportServer/crossdomain.xml") before we try and start calling the WebService.
    We are then able to load the WebService description (GET /ReportServer/ReportService2005.asmx?wsdl). However, when we then try to make the actual call to the webservice - which is a HTTP POST of XML data to the same URL - /ReportServer/ReportService2005.asmx - we get the following errors in the Flex debugger (and the Flash Player log file):
    Warning: Failed to load policy file from http://theserver/crossdomain.xml
    Error: Request for resource at http://theserver/ReportServer/ReportService2005.asmx by requestor from http://localhost/modules/ReportsModule.swf is denied due to lack of policy file permissions.
    *** Security Sandbox Violation ***
    Are GET and POST requests handled differently, or is there something more sinister going on here? Can anyone think of a way to proceed in this investigation, apart from just giving up on Flash's ability to do anything cross-site, and writing our own Server-Side proxy for everything!
    regards
    Richard

    Sounds like the update for Flash 8 may help.

  • Ye Olde crossdomain.xml

    An App I was working on just went into production on
    Saturday. We have this setup: A weblogic application server (Server
    A) running on Machine A (a solaris OS). We have a separate weblogic
    server located on Machine B.
    Machine A's weblogic hosts the web application and one of the
    pages has a Flex app built in Flex Builder 2.0. This app accesses a
    webservice located on Machine B. In our system test environment
    this worked fine. It also works fine running it with the Run button
    in Flex Builder. When it was deployed to production this weekend, I
    get this error: Unable to load WSDL. If currently online, please
    verify the URL and/or format of the WSDL. I figure it is something
    wrong with crossdomain.xml. I have tried everything.
    Machine A: Port 7001 (crossdomain.xml accessible at
    machinea:7001/crossdomain.xml).
    Machine B: port 4444 (crossdomain.xml accessible at
    machineb:4444/crossdomain.xml).
    I've also tried to load it with Security.loadPolicyFile(url).
    None of this has worked and it always returns the same error. I'd
    really like to get this resolved, as like I said it worked in our
    test environment but is broken in production.

    Just to cover the basics, can you:
    1) test using a wide open cross-domain.xml on machineb?
    <allow-access-from domain="*" />
    2) confirm the URL of the service port at the bottom of the
    wsdl?
    The service port defines where the actual webservice can be
    found and may or may not be on the same server that hosts the wsdl.
    One problem might be that in testing the service port was using a
    canonical domain name that only resolvable on a private intranet,
    and breaks on public facing servers.
    3) run a packet sniffer on the client where Flash Player is
    running and trace connections from the client to machineb ?
    a) you should see an HTTP request / response for
    crossdomain.xml on machineb over port 4444
    b) you should see an HTTP request / response for the wsdl on
    machineb over port 4444
    c) you should see the HTTP req as a POST to the service port
    URL that sends the SOAP Request embedded in the SOAP envelope.
    d) you should see the HTTP response from the service port
    URL with the SOAP response inside a SOAP envelope
    4) Run the Eclipse WTP WebService Explorer from the same
    machine as the client with Flash Player. Type in the WSDL URL into
    the designated field, and Eclipse WTP will parse the wsdl and
    provide a form to permit you to enter data to properly fulfill the
    SOAP Request.
    Eclipse WTP is a great reference tool for testing webservices
    and can be used for troubleshooting by comparison.
    Please let me know how it goes.

  • Where to place crossdomain.xml

    Hi experts,
    I am trying to connect from a flex application to a webservice on the Web AS. If I deploy local or run the application on the same domain as the webservice everything works fine, but not on another domain, so I think it could be fixed with the crossdomain.xml file on the Web AS. But where should I place this file if my wsdl for the webservice is located at http://<server>:<port>/sap/bc/soap/wsdl11?services=<servicename>??
    Thanks a lot,
    Manfred

    For issues regarding crossdomain.xml be sure to understand the concepts behind it.
    http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html
    Also check http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html for changes in latest Flash Player versions.
    You can check if your problems really are caused by crossdomain.xml by using the debug version of the latest Flash Player. This is also described in the above document on [page 5|http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_05.html].
    Kind regards,
    Roland

  • Please HELP with CrossDomain.xml problem

    I'm using Flex2 with Java as the backend. On my local machine
    everything works fine. When I deployed the Java war file to the
    hosting server and moved the swf there as well I keep getting the
    following error "Security error accessing url"
    faultCode="Channel.Security.Error". After reading on this it says I
    need a crossdomain.xml file put at the root of my server.
    I have placed a crossdomain.xml file at the following areas.
    C:\Inetpub\wwwroot\crossdomain.xml
    C:\Inetpub\vhosts\mysite.com\crossdomain.xml
    C:\Inetpub\vhosts\mysite.com\httpdocs\crossdomain.xml
    C:\Program
    Files\SWsoft\Plesk\Additional\Tomcat\webapps\crossdomain.xml
    the following is in the crossdomain.xml
    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "
    http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
    <allow-access-from domain="*" to-ports="*" secure="true"
    />
    </cross-domain-policy>
    the war file is deployed here:
    C:\Program
    Files\SWsoft\Plesk\Additional\Tomcat\psa-webapps\mysite.com\testjava.war
    and the swf file is located here:
    C:\Inetpub\vhosts\mysite.com\httpdocs\test.swf
    I don't know what I'm missing. Please someone help me.

    daperk,
    You should post this to board "Smartphones, Nseries and Eseries Devices".

  • Google crossdomain.xml when making requests

    Hi guys,
    Does anyone know how to get round the googles cross domain
    when trying to access their services like the maps.google.com
    geocode?
    Every call i make to try and make a LoadVars request works
    fine in the flash IDE where it just trys to pull down the
    google.com crossdomain, but any calls in a live enviroment just
    request the crossdomain from the appropriate service, i.e. the
    maps.google.com and then don't make the actual request.
    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "
    http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
    <site-control
    permitted-cross-domain-policies="by-content-type" />
    </cross-domain-policy>
    Any help would be great, otherwise i'll have to proxy the
    requests through a php page.

    Howdy,
    I have done some further investigations and I have so far concluded that:
    - in the cases where the service does NOT work, the following is happening:
    I watch a video (video 1), then close the window. I start a new window with a new video (video 2). However, despite closing a window and opening a new window, the TCP session for video 1 remains open. So when I start video 2, the crossdomain.xml request is sent on the old TCP session.
    Instead of getting an "OK" reply, I simply get an "ACK" reply and the process is halted.
    - in the cases where the service does work, the following is happening:
    I watch a video (video 1), then close the window. I start a new window with a new video (video 2). For each window, a new TCP session is set up/ synchronised, and the crossdomain.xml request receices an "ACK".
    - it seems that the failure scenario happens when there are no files in the cache.
    Any ideas of what this could be?

  • SWF Jitters on drupal site - crossdomain.xml

    I've been working on a mapping application for a client.  The swf I've created references a xml that provides names for mc's and listeners.  The xml also has info that populates text boxes when clicked on.
    I'd been hosting the working version of this swf on our website (drupal based) where I worked on changes and tested it.  It worked fine in this location and still is functioning well
    http://wildlands.org/node/683
    When I sent a copy for my clients to post on their website, we ran into a few problems.  First, there was a crossdomain issue and we had to create a crossdomain.xml and place it in their site's root.  Once we did this, the app worked but became jittery (a problem i cannot replicate on my site).  The client is using the same version of drupal and the same flashnode module.
    http://www.gallatinwrp.org/content/testflash
    Does anyone know where I could start to begin troubleshooting this?  It's strange that this does not occur on my site.  I also never had to create a crossdomain.xml and place it in our site's root.
    thanks in advance,
    j

    the easiest way to avoid cross-domain issues, is to use a local executable (like a php file) and have that executable load your cross-domain assets and pass them to your local swf.
    otherwise, you must correct your crossdomain.xml file.  to start, you need a cross-domain meta policy file that is in the host server's root directory.  if you don't have access to the root directory, you don't control that server and you are not allowed to place policy files on it.  (see above solution.)

  • Data grid, remote xml, crossdomain.xml

    Hi...
    I have a problem with the security sandbox of the flash player.
    I need a data grid to get its data from a xml located in other domain. I have prepared a crossdomain.xml file with this structure:
    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
    <allow-access-from domain="*"/>
    </cross-domain-policy>
    </cross-domain-policy>
    I have put this file in the public_html folder of my host, and also in the folder where the app is located but still not working....
    I guess I need to do something else....
    Thank you very much.

    Hi there,
    I am looking for a solution like yours, but it seems that
    flex does not like much the XML attributes nor xpath syntax.
    As a workaround, I would modify your source XML to be
    <row>
    <column>
    <dataGridHeader1>Test Data 1.1</dataGridHeader1>
    </column>
    <column>
    <dataGridHeader2>Test Data 1.2</dataGridHeader2>
    </column>
    </row>
    This way, you can take the appropriate value by describing
    <mx:DataGridColumn
    headerText="{dataXML.column.dataGridHeader1}"
    dataField="{column[0]}"/>
    <mx:DataGridColumn
    headerText="{dataXML.column.dataGridHeader2}"
    dataField="{column[1]}"/>
    Hope it helps. Let me know if you find the REAL solution to
    read attributes and Xpath,
    Best regards,
    Miguel

  • Crossdomain.xml file not being called by the SWF

    Hi,
    I'm serving an swf file compiled using flex builder 3.2 through plain HTTP, the SWF file calls a service in the same domain through HTTPS, as such, I put the following file in the root directory of my web server:
    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
        <allow-access-from domain="*" secure="false" />
    </cross-domain-policy>
    and name it crossdomain.xml
    When the service is invoked, I get the following error: [RPC Fault faultString="Security error accessing url" faultCode="Channel.Security.Error" faultDetail="Destination: DefaultHTTP"]
    When I check the access log files of my web server (Apache), there's no entry for crossdomain.xml (it is not being requested), why?
    When I serve the SWF through HTTPs it works OK ... any ideas?
    I have tried in several machines (different browsers, different versions of Flash player) and no success.

    I am also experiencing the exact same problem.  I'm not able to change the crossdomain.xml file located in the root directory and am going to try creating a new policy file in a sub directory.  The problem I'm having is that my web service is called from a virtual path and I do not know where to save this new policy file.
    Have you tried to load in a specific policy file?
    Security.loadPolicyFile( "http://yourdomain.com/policyFile.xml" );
    Also, you may want to check which sandbox your swf file is in.  flash.system.Security.sandboxType.  This could be another cause to the error.  My swf file is in the "remote" sandbox.

  • Crossdomain.xml or?

    I have a rss reader builded and its working perfectly offline, it gets all the rss xml i want.
    now i put the site online to test out , now it seems that nothing much happening, except the rss feed from cnn itself is working, rest just dont....
    I dont get any errors or whatsoever, just nothing is loaded when i clicking on it.
    now have been reseacrching and come across on the crossdomain policies >< which is kinda new to me..
    I loaded it up, but still nothing happening...
    i have this crossdomain.xml made.
    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
    <site-control permitted-cross-domain-policies="all" />
    <allow-access-from domain="http://www.norea.nl/Norea/Metanavigatie/RSS" />
    </cross-domain-policy>
    my questions are follows:
    1. Is this the solution for me? or is it something else that bugs me?
    2. do I put this on my root folder on the server or can I place it under the FOlder where the actual SWF file is located?
    3. do i put on in the allow-access-from domain     http://www.norea.nl/Norea/Metanavigatie/RSS/36846 or
                                                                         feed://www.norea.nl/Norea/Metanavigatie/RSS/36846 or
                                                                         http://www.norea.nl or
                                                                         http://www.norea.nl/Norea/Metanavigatie/RSS
    am using ac3 - player 10 - cs4 prof
    thanks in advance!

    The crossdomain.xml file needs to go on the domain that's hosting the RSS feed (ie, norea.nl), not the domain that's hosting the swf.  So if you have 2 domains:
    www.a.com - hosting the RSS feed
    www.b.com - hosting the swf
    The the crossdomain.xml file goes on www.a.com and would look like:
    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
    <site-control permitted-cross-domain-policies="all" />
    <allow-access-from domain="http://www.b.com" />
    </cross-domain-policy>
    or, if you wanted to allow any domain to access the RSS feed, do this:
    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
    <site-control permitted-cross-domain-policies="all" />
    <allow-access-from domain="*" />
    </cross-domain-policy>

Maybe you are looking for

  • Problem in converting spool to pdf

    Hi Experts, I want an internal table to be converted to the PDF. For this RSPO_OPEN_SPOOLREQUEST, RSPO_WRITE_SPOOLREQUEST and RSPO_CLOSE_SPOOLREQUEST to create the spool. However, somehow the table tsp01 does not gets updated as a result i could not

  • In the keybourd of my mac 10.8.3 OSX, some battons are not working

    n the keybourd of my mac 10.8.3 OSX, some battons are not working

  • Rman backup strategy

    hi, just wanted to hear some thoughts from some pros.. platform: oracle 9i on windows i switch from user-managed backups to rman recently. My full nightly backups are abt 20GB in size on completion. we backup to tape, but i want to keep some disk bac

  • How to SUM in REUSE_ALV_GRID_DISPLAY ?

    Hi, I have below the code that I use to sort 1 column and sum 3 columns; PERFORM sort_item USING 'ARBPL' 'X' 'X'. PERFORM sum_item USING 'NO_OPR' 'X' 'X'. PERFORM sum_item USING 'LMNGA' 'X' 'X'. PERFORM sum_item USING 'QTY_MTRS' 'X' 'X'. FORM sort_it

  • Arithmatic operations on field values jasper reports

    Hi, I want to calculate some percentages in the report based on some Field values present in the report. To achieve this I need to make some divisions and multiplications, is it possible to divide or multiply two variables while filling the report us