Placing crossdomain.xml on server

Hello,
I am creating a Flex/SWF file that will run on my NetWeaver 04S WebAS server (java/Win 2003 64 bit) and I need to place a crossdomain.xml file on the server so that the SWF can communicate with another server.
How is this possible? I tried using the Administrator services (virtual host) without any luck. Can anyone help?
Regards,
Blair Powell

Hi Blair,
Did you manage to solve this.
I am also facing the same problem.
Regards,
Ameya

Similar Messages

On WebServices, crossdomain.xml and debug-mode

I'm building a conncetion to a remote webservice, and they
don't have a crossdomain.xml file on their server (or it is placed
badly or something).
While developing my connection has worked fine, but when I go
outside of the debug mode (actually running the swf/html from any
other folder then the projects bin-debug) and the connection won't
work. It returns no error and just seems to keep going ignoring the
request. So I looked around for a bit and managed to turn on the
trace() log file which brought the problem to my attention:
Cannot load crossdomain.xml from server, halting request. (or
something similar)
This is fine now that I know of it, I can get the server
people to add crossdomain for me. The questions I'm asking though
is:
Why does it work in the bin-debug filder?
How can I capture the "Cannot load crossdomain..." trace? (my
guess is that its generated in the flash player, and not flex
library)

Understand the SandboxType of flash player before getinto this issue.
While inside the bin-debug, your sandbox type is LocalTrusted. This will allow access to external system,
When go go for the deployment it wont works, cos you sandbox type will be different (say Network with Local)
http://livedocs.adobe.com/flex/3/html/help.html?content=05B_Security_04.html
The above URL will expain the security concept
Nith

Question: crossdomain.xml without web server

Hi, Flex Gurus,
In case where I want to use Flex to communicate with a
non-web server machine, e.g. mysql, where should the
crossdomain.xml reside on the non-web server machine?
thanks,
sw

Well at that point you would put it where ever Flex can load
the file locally and do Security.loadPolicyFile("url"). However if
you are going to be using a socket for the connection I'm pretty
sure crossdomain.xml isn't what you're looking for, with the recent
security changes to the Flash Player I think you are looking more
for a Socket Policy File. You can read up on what I'm talking about
here at the following link.
Policy
File

How can I serve crossdomain.xml file on a specific port?

Let me introduce my problem step by step:
I was using a socket connection on the address www.mydomain.com:1925 to provide a chat service for my users. When I moved to cloudflare, I could not connect to port 1925 directly because of the fact that my requests were reaching my origin server over cloudflare and the port was changing.
How did I solve it? I created a subdomain chat.mydomain.com whose DNS settings point to my origin server not cloudflare. I bypassed cloudflare by this way and I connected my chat service by using chat.mydomain.com:1925 on the browser. So far so good.
Here is the problem. I am also using Flash and AS3. It is the core of my game on the site. Chat is working on html and my game in flash is in some part of my website. In flash, I was sending scores of players using again a socket connection on www.mydomain.com:1925 by a different namespace.(Since swf's host and url's host matched, I didn't have any problem I think).Since I have changed the domain to chat.mydomain.com:1925, Flash started to request a crossdomain.xml on chat.mydomain.com:1925. There is a crossdomain.xml file on chat.mydomain.com however I cannot serve it from chat.mydomain.com:1925. Here is my code:
Security.loadPolicyFile("https://chat.mydomain.com/crossdomain.xml");
var urlLoader:URLLoader = new URLLoader ();
var url:String = "https://chat.mydomain.com:1925/socket.io/1/";
var request:URLRequest = new URLRequest(url);
request.method = URLRequestMethod.POST;
urlLoader.dataFormat = URLLoaderDataFormat.TEXT;
urlLoader.addEventListener(Event.COMPLETE, completeHandler);
urlLoader.addEventListener(IOErrorEvent.IO_ERROR,ioErrorHandler);
urlLoader.load(request);
Since flash cannot find crossdomain.xml by getting 404, the requests in my code do not work. How can I solve this problem? How can I use the origin chat.mysite.com:1925?

You're going to have to host it in a way that lets you serve HTTP/S content (at least the crossdomain.xml) on port 80 or 443 respectively.
The Flash Player Security Whitepaper has an excellent breakdown of the requirements for crossdomain policy stuff:
White paper: Adobe Flash Player 10 security | Adobe Developer Connection

Please HELP with CrossDomain.xml problem

I'm using Flex2 with Java as the backend. On my local machine
everything works fine. When I deployed the Java war file to the
hosting server and moved the swf there as well I keep getting the
following error "Security error accessing url"
faultCode="Channel.Security.Error". After reading on this it says I
need a crossdomain.xml file put at the root of my server.
I have placed a crossdomain.xml file at the following areas.
C:\Inetpub\wwwroot\crossdomain.xml
C:\Inetpub\vhosts\mysite.com\crossdomain.xml
C:\Inetpub\vhosts\mysite.com\httpdocs\crossdomain.xml
C:\Program
Files\SWsoft\Plesk\Additional\Tomcat\webapps\crossdomain.xml
the following is in the crossdomain.xml
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "
http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*" secure="true"
/>
</cross-domain-policy>
the war file is deployed here:
C:\Program
Files\SWsoft\Plesk\Additional\Tomcat\psa-webapps\mysite.com\testjava.war
and the swf file is located here:
C:\Inetpub\vhosts\mysite.com\httpdocs\test.swf
I don't know what I'm missing. Please someone help me.

daperk,
You should post this to board "Smartphones, Nseries and Eseries Devices".

Crossdomain.xml

Hi,
I already posted in PcP1's board but as the subject i think it's a "cross question" between web and PcP...
I'd like to use the ability of jw player to put in playlist the content of a rss feed (from a podcasts' blog), i thought it could be an easy way to spead podcasts contents on other sites...but it apparently needs an xml file named crossdomain.xml to authorize Flash to read datas from a different domain.
I tried in /Library/WebServer/Documents and restarted web, and tried also in /PodcastProducerContents/Podcasts (but didn't know what to reboot)..But it doesn't work..Does anyone knows where and how put this file ?
Thanks in advance, Julien

According to the Specification, the crossdomain.xml file should be placed in the root level of your web server. That would typically be /Library/WebServer/Documents/ unless you've changed it.
If that's correct and where you've saved the file then the next thing to look at is the actual content of the file to ensure it grants the rights that you expect.

Will I need a crossdomain.xml file?

I have been working on my first Flex application and it
builds several menu structures based on data received from external
XML files. Everything works fine when running the project within
Flex Builder but when I move the build directory (/bin) to another
location it does not load my menus. I have since found out this is
because of the security setting the projects build directory gets
and to get my files to work elsewhere I will need a crossdomain.xml
file.
After researching how crossdomain.xml files work I'm
wondering if in my case I should even need one because the files my
SWF are loading will already be placed on the local machine - not a
server. Still, the application is not working so I have tried a
crossdomain.xml anyways using the following code:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "
http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="192.168.*" secure="false"/>
</cross-domain-policy>
The file seems to have no effect (althought the "192.168.*"
string I used may not be what I want) and I'm looking for other
options. Also, I was originally getting my XML from an HTTPRequest
but am now using a URLRequest() which then converts the content to
XML which I find cleaner in the code.
Any ideas keeping in mind this application will have all its
content loaded from CD onto the users local drive?

This is always a little confusing. Here's how it works. The
Flash Player is aware of which domain is referenced when the first
SWF is loaded. The "domain" could be www.adobe.com or
labs.adobe.com or 192.168.0.100. The Flash Player thinks of this as
its home domain. Any reference to any other domain is a security
concern. Even if that happens to be "localhost".
Things work from Flex Builder because Flex Builder registers
its directories with the Flash Player and makes everything have the
security level of "local-trusted". This means your Flex app can
load files from anywhere - the local file system (via HTTPService
for example, not a direct read of the file) or from the network.
When you move your SWF to another place, such as a web
server, that server's domain becomes the home, trusted domain for
the Flash Player when it loads a SWF from there. If your data file
is in the same domain as the SWF (eg, in the same directory or a
sub-directory), then the Flash Player won't have a problem loading
it.
HTTPService url="mydata/myfile.xml" or
url="/flex/mydata/myfile.xml" work because they are relative paths
to where the SWF is located and thus, in the same domain. However,
if you do: url="
http://localhost/mydata/myfile.xml"
and the SWF is now coming from a web server in a different domain
(foreign domain), then its a security problem.
In order for the Flash Player to be allowed to load data from
outside the home domain, there must be something that authorizes
it. That's the crossdomain.xml file. When the Flash Player sees
that you are going to load a file from a different domain, it asks
that domain for its crossdomain.xml file. The Player then looks to
see if its home domain is among those allowed to access files. If
not, security error. If the home domain is present, then the file
is requested.
The crossdomain.xml file should list the home domain of the
SWF, not your machine's domain or IP address. For example, suppose
the SWF is now on adobe.com and is launched like this:
http://www.adobe.com/flex/YourApp.html.
The Flash Player will assume that www.adobe.com is its home domain.
Even if you are in the abcxyz.com domain.
Now your Flex app wants to load
http://localhost/mydata/myfile.xml.
The Player will ask for
http://localhost/crossdomain.xml
and look to see if www.adobe.com is allowed access.
To recap:
The domain of the first SWF loaded
into the Player is the home domain.
Any access to data outside of the
home domain requires a crossdomain.xml file.
The crossdomain.xml file should be at
the context root of the domain (eg,
http://www.adobe.com/crossdomain.xml
or
http://localhost/crossdomain.xml).
The home domain must be granted access to load any resources from
the foreign domain.
If you are using Flex Data Services and you have
useProxy="true" on your data service request, then some different
security rules apply. Let us know if that's the case.

What is Crossdomain.xml

Can some one tell me what is the use of crossdomain.xml? And how it works? Where it should be the crossdomain.xml file is placed in client side or on remoting server?

If you have a Flash movie in a given domain on one server, you cannot access data on another domain. This is a security precaution. In order to use data from another domain, you have to allow that other data to be shared by including a crossdomain.xml file in the second domain. This crossdomain.xml file tells the flash player that data coming from this second domain is OK to use.
There are a number of scenarios explained in the first document that I listed above. Do you have a situation that is different from all of those examples?

#2170 error calling a webservice from Xcelsius having crossdomain.xml

Hello together,
we are facing a #2170 error indicating we don't have a proper policy file in place when executing a published Xcelsius flash in SAP BI application portal.
We created a WebService that is running an SAP BI System 7.01. The WebService is function module based and was generated following the wizzard. Afterwards we created a Xcelsius app that consumes data from this WebService (via data connection). The resulting flash from Xcelsius was pulished to SAP BI System (portal).
Since there are many entries in the SDN and the internet in general we finally also created an crossdomain.xml file on the BI system which can be accessed and is visible by using "https://<server>/crossdomain.xml".
Now the confusion begins: We exported the flash from Xcelsius to local desktop and executed the corresponding HTML-file. It's working and I can receive/see WebService data (after adjusting flash-security-settings). If we upload both exported files (html and swf) to the BI system (as MIME objects) and execute the html again we are also receiving WebServervice data. So far so good. But if we execute the link from the SAP BI Portal (Xcelsius menu > SAP > Start) we still get the error #2170 indicating we don't have a proper domain policy file in place. But for my understanding we do have. So currently I would assume the error message is somehow misleading.
During all the activities I found out that this error is also raised if the user has insufficient authorization. My user has SAP_ALL authorization for testing purpose.
In general I would say we are not that wrong with our Xcelsius/WebService if we are not coming from BI portal. So my questions are:
1.) Are there any authorization on portal side that might not fit and lead to this error? If insufficient authorizations produces such an error ...
2.) Did we miss any other stuff during our try/fail-operations?
Many thanks in advance for your hints.
Steffen

Hi Rajat,
This is how the default trace looks
FATAL: Application Servlet failed to notify devices.
Caught java.rmi.RemoteException: Service call exception; nested exception is:
     com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (503) Service Unavailable. The requested URL was:"http://<<server>>:50000/ManagementService/ManagementService?style=document"
     at com.om.mws.standaloneproxy.ManagementServiceBindingStub.notifyDevice(ManagementServiceBindingStub.java:1289)
     at com.om.mws.standaloneproxy.ManagementServiceBindingStub.notifyDevice(ManagementServiceBindingStub.java:1298)
     at com.om.ApplicationServlet$NotifyDevices.run(ApplicationServlet.java:86)
Caused by: com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (503) Service Unavailable. The requested URL was:"http://<<server>>:50000/ManagementService/ManagementService?style=document"
     at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.handleResponseMessage(MimeHttpBinding.java:980)
     at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1430)
     at com.om.mws.standaloneproxy.ManagementServiceBindingStub.notifyDevice(ManagementServiceBindingStub.java:1282)
     ... 2 more
java.lang.NoSuchMethodError
at java.lang.Thread.destroy(Thread.java:779)
     at com.omApplicationServlet$NotifyDevices.run(ApplicationServlet.java:92)
Rgds
Shashank

IOError in IE but not in Firefox (possible crossdomain.xml problem)

Yesterday, I hopefully debugged a problem that is occuring for our application in IE but not in Firefox.
It has to do with accessing remote content from a separate domain.
In every aspect it APPEARS to be a crossdomain.xml issue but the fact that this issue only arrises in IE is what has prompted me to post here.
We have a solution in the works (bureaucratically speaking) but I want to double check here.
Our application is on domain "a.domain".
It access an xml file on "b.domain/xml/".
And finally (this is the tricky part) it also accesses an xml file at "b.domain/forwardingPath/" which is actually forwarded to "c.domain/xml/".
The crossdomain.xml is located at "b.domain/crossdomain.xml".
The request for "b.domain/xml/anXMLFile.xml" works without any problem.
The request for "b.domain/forwardingPath/anotherXMLFile.xml" succeeds in Firefox but not in IE (remember, the ACTUAL request is forwarded to "c.domain/xml/anotherXMLFile.xml").
In IE I get an IOError.
I believe we need an appropriate crossdomain.xml file also located at "c.domain/crossdomain.xml" and have put in that request. What I want to confirm is whether this understanding is correct. I am not a server-side person at all. It's all elves and fairies to me. And then finally, why the hell is this behavior inconsistent between IE and Firefox? Is the Firefox version of flash player violating its own security standards?!
I am cross-posting this at stack overflow. http://stackoverflow.com/questions/7395931/ioerror-in-ie-but-not-in-firefox-possible-cross domain-xml-problem

I've pinged our developers about this and here's what they have to say:
"We did some work for the plugin around redirects andhence the correct behavior on Firefox.
AFAIK, on IE we don't get notified of the redirect and can't participate in making security decisions during redirect scenarios. This behavior is out of our control.
There is a workaround documented in the AS3docs here: http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/system/LoaderCont ext.html#checkPolicyFile
Here is the pertinent paragraph:
Be careful with checkPolicyFile if you are downloading anobject from a URL that may use server-side HTTP redirects. Policy files arealways retrieved from the corresponding initial URL that you specify inURLRequest.url. If the final object comes from a different URL because of HTTPredirects, then the initially downloaded policy files might not be applicableto the object's final URL, which is the URL that matters in security decisions.If you find yourself in this situation, you can examine the value ofLoaderInfo.url after you have received a ProgressEvent.PROGRESS orEvent.COMPLETE event, which tells you the object's final URL. Then call theSecurity.loadPolicyFile() method with a policy file URL based on the object'sfinal URL. Then poll the value of LoaderInfo.childAllowsParent until it becomes true."
Chris

Security Error in accessing Web service from Flex.Where to put crossdomain.xml in axis container?

Hi guys.
Typically webservices are invoked across domains. Flash has defined certain policies which prevent crossdomain access. The only way to bypass this security feature is to put a crossdomain.xml file within the server root of the webservice provider i.e. in our case at http://abc.com. A sample example of crossdomain.xml is as below:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
     <site-control permitted-cross-domain-policies="all" />
     <allow-access-from domain="*" secure="false"/>
     <allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>
If the crossdomain.xml is not added the developer will get “Security Error accessing URL” type of messages.
The above mentioned information should be enough for you to get your flex based WebService client up and running.
We are using axis2 to build webservices. We deployed the webservices under axis2 container under repository/srvices folder . But in Flex when we try to call the webservices we were getting the exception saying security error in accessing url. The solution is we need to put the crossdomain.xml o that it is loaded at runtime and allow us to access. In tomcat if we put the file under ROOT directory we could accss the file and we were able to access the webservices deployed under Tomcat. But I googled for Axis2 container and couldnt find any solution.
Please post the reply if anyone knows the solution to it.
Thanks
Raja

Hi. So, I did take a quick look at the Axis2 standalone server and didn't see any way to server up a file such as crossdomain.xml. It seems like it might be a useful enhancement to have the ability to serve up files even if this functionality was very simple/limited and nothing like a full blown http server.
I'd log an enhancement request against axis2 if this is something you'd like to have.
http://issues.apache.org/jira/browse/AXIS2
-Alex

Where to place crossdomain.xml in SAP ECC IDES?

Hi,
I have a flex application which uses webservices generated in SAP IDES system. This flex app is stored in portal server. Since the physical servers are involved, I get a security error message, which says, "Security error accessing url". I browsed through the net and found that, we have to place a crossdomain.xml file in the web root folder of the server from where we are fetching the data. In my case, it would be SAP IDES system.
I wanted to know where do I place this xml file in IDES? What would be it's location and how can I generate a URL to access this xml file?
Please let me know about this, if anyone has done this before.
Appreciate your help.
Thank you,
Warm regards,
Deepak

Hi Durairaj,
As mentioned in that thread, I created a BSP application in the server and loaded crossdomain.xml. It was accessible from the browser too.
This is the xml code which is there in crossdomain:
<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitted-cross-domain-policies="all" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
But this did not solve my purpose
I have my flex application in a server, servera.abc.com and I am using the webservices of another server, serverb.abc.com
I uploaded the crossdomain.xml in serverb.abc.com, in the following path through a BSP application:
http://serverb.abc.com:8000/sap/bc/bsp/sap/zroot/crossdomain.xml
But I still get the 'security accessing url' message in flex. It doesn't load the wsdl.
I'm also using this piece of code in initialize event of the application in flex:
                       private function initSecurity():void{
                    Security.allowDomain("*");
                    Security.loadPolicyFile("http://serverb.abc.com:8000/sap/bc/bsp/sap/zroot/crossdomain.xml");
                    Alert.show("crossdomain xml loaded....");
Where am I going wrong here?

AS2 Crossdomain.xml and sendAndLoad

I have a flash form with input text fields. I am sending the data to a 3rd party server. I can send the information via getURL but I want to send the data without opening a browser window so I am utilizing sendAndLoad. It works great locally but not through a browser (tested in IE and Firefox). I have verified that all the variables and urls are in the correct case, I have tried both Post and Get, I have tried network and local... Ugh! I am losing my hair on this one please help asap!!!
Here is the file - click on the second image...
http://www.axonmediagroup.com/adimag...directbuy.html
Here is the code...
on (release) {
if (first_name.text.length == 0) {
error.text = "** First Name Required **";
} else if (last_name.text.length == 0) {
error.text = "** Last Name Required **";
} else if (address1.text.length == 0) {
error.text = "** Address Required **";
} else if (city.text.length == 0) {
error.text = "** City Required **";
} else if (state1.value == "") {
error.text = "** State Required **";
} else if (postal_code.text.length == 0) {
error.text = "** Zip Required **";
} else if (phone_home.text.length == 0) {
error.text = "** Phone Required **";
} else if (email.text.length == 0) {
error.text = "** Email Required **";
} else {
System.security.loadPolicyFile('https://app.leadconduit.com/crossdomain.xml');
var myloadVars:LoadVars = new LoadVars();
myloadVars.RName = 'AxonMedia';
myloadVars.AdReferenceID = '944E5433-F8B5-44FF-8085-E4A1D0D844E9';
myloadVars.ReferenceID = '040E5D57-3A1A-412D-A1F4-B45BD48AE791';
myloadVars.SUBID = 1;
myloadVars.xxNodeId = '050l0tjhd';
myloadVars.xxTest = 'true';
myloadVars.Country = 'USA';
myloadVars.first_name = first_name.text;
myloadVars.last_name = last_name.text;
myloadVars.SpouseName = SpouseName.text;
myloadVars.address1 = address1.text;
myloadVars.city = city.text;
myloadVars.state1 = state1.selectedItem.label;
myloadVars.postal_code = postal_code.text;
myloadVars.phone_home = phone_home.text;
myloadVars.email = email.text;
trace(myloadVars);
myloadVars.sendAndLoad("https://app.leadconduit.com/v2/PostLeadAction?",myloadVars,"POST");
myloadVars.onLoad = function(success:Boolean) {
if (success) {
error.text = "Thank you for contacting us!";
} else {
error.text = "Error connecting to server.";
Here is the code that works via browser...
on (release) {
if (first_name.text.length == 0) {
error.text = "** First Name Required **";
} else if (last_name.text.length == 0) {
error.text = "** Last Name Required **";
} else if (address1.text.length == 0) {
error.text = "** Address Required **";
} else if (city.text.length == 0) {
error.text = "** City Required **";
} else if (state1.value == "") {
error.text = "** State Required **";
} else if (postal_code.text.length == 0) {
error.text = "** Zip Required **";
} else if (phone_home.text.length == 0) {
error.text = "** Phone Required **";
} else if (email.text.length == 0) {
error.text = "** Email Required **";
} else {
System.security.loadPolicyFile('crossdomain.xml');
var RName = 'AxonMedia';
var AdReferenceID = '944E5433-F8B5-44FF-8085-E4A1D0D844E9';
var ReferenceID = '040E5D57-3A1A-412D-A1F4-B45BD48AE791';
var TimeFrame = 0;
var SUBID = 1;
var xxNodeId = '050l0tjha';
var xxTest = 'true';
var Country = 'USA';
var first_name = first_name.text;
var last_name = last_name.text;
var SpouseName = SpouseName.text;
var address1 = address1.text;
var city = city.text;
var state1 = state1.selectedItem.label;
var postal_code = postal_code.text;
var phone_home = phone_home.text;
var email = email.text;
getURL("https://app.leadconduit.com/v2/PostLeadAction?", "_blank", "GET");
error.text = "Thank you for your response!";
}

Sounds like the update for Flash 8 may help.

Apache proxypass and crossdomain.xml not working

Hi everyone,
I have the following problem. I have set up jboss on a Linux server connecting to local port 8080 (localhost:8080).
I have opened the application on port 80 with Apache ( www.myDomain.com) and set up a virtual host that proxies
this connection to localhost:8080 where jboss is listening.
<VirtualHost *:80>
    DocumentRoot /var/www/nyDomain
    ServerName myDomain.com
    Alias /crossdomain.xml /var/www/html/crossdomain.xml
    # proxy pass to the jboss server
    <IfModule mod_proxy.c>
    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Deny from all
        Allow from all
    </Proxy>
    ProxyPass /Stylect http://127.0.0.1:8081/Stylect
    ProxyPassReverse /Stylect http://127.0.0.1:8081/Stylect
    # ProxyPreserveHost on
    </IfModule>
</VirtualHost>
The crossdomain.xml file is at the root of the server and can be accessed with www.mydomain.com/crossdomain.xml
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" to-ports="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
I can see in firebug that it's being downloaded when I first request the page - this is the response:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Software as a Service Development. </title>
<META name="description" content="Description here"><META name="keywords" content="Saas, fashion design, plm, production, nutrition, food, orders">
</head>
<frameset rows="100%,*" border="0">
<frame src="http://xxx.xxx.xxx.xx/crossdomain.xml" frameborder="0" />
<frame frameborder="0" noresize />
</frameset>



</html>
Yet I still get a 2048 sandbox violation error.
The crossdomain is needed because the proxied request
appears to be coming from the public ip while jboss
is bound to the local host.
If I expose Jboss directly to the web all works well but there
are too many security issues in that setup. Apache as a front is
much better.
The question is: is this the correct response I should be getting
(or should it be directly the xml file) and why is it not working?
How can I fix this?
Any help much appreciated. I'm stuck.
Dahn

Try adding security="false" inside the next line:
<allow-access-from domain="*"/>
so it would look something like
<allow-access-from domain="*" security="false" />
It fixed the problem for me.

Why is the Shockwave player not requesting the root crossdomain.xml

Hi,
I have a Director movie (DCR) that is presented to visitors to my website. The DCR is actually downloaded from a separate Content Delivery Network (CDN).
On startup, the DCR connects to my original website to retrieve some additional information that is presented to the visitor. But because the DCR comes the CDN, when it attempts to access my website a warning dialog appears informing the visitor that the DCR is attempting to access another site and asking them to allow or deny access.
I did some reading of the Adobe docs and found that from version 11.5, the Shockwave player will skip this dialog if the referenced domain includes a cross domain policy file that permits access. The movie can load a specific policy from the target domain, but if it doesn't the docs say that the player will read the default crossdomain.xml from the root of the target network.
So I created and deployed the default crossdomain.xml as described in the documentation and redeployed my application. However, when the DCR started the same dialog appeared warning about the cross domain reference and asking me to allow or deny it.
I thought perhaps there was an error in how I deployed the cross domain file, but when I checked more closely I discovered that Shockwave player never even requested the file from the target server.
Does anyone have any idea why this might be happening? Am I missing some step that is required to make the player request the default cross domain policy file?
Thanks in advance for any help people can offer.
Damian

I thought this had been fixed in the latest version of the installer, but perhaps not. Try the option suggested in this thread

Placing crossdomain.xml on server

Similar Messages

Maybe you are looking for