Spry JSONDataset and IE8 cross domain policy

Similar Messages

• Cross domain policy file and BitmapData

  Hey guys and gals, I'm having an issue with a Security error
  when trying to access photos from an external site. I have a client
  who is at siteA.com, who wants to load in photos from siteB.com,
  siteC.com, and probably 100 other sites. He has permission to do so
  from the other sites, but doesn't want to go through all the
  trouble of asking each site to post a cross-domain policy file.
  Please correct me if I'm wrong, but the way I understand it is, if
  you want to simply load an image into a Loader object within a swf,
  you're ok, but if you want to access the BitmapData, you will then
  get a security error? My snippet of code that I believe is causing
  the security error is
  public function imageLoaded(e:Event):void {
  var image:Bitmap = Bitmap(e.target.loader.content);
  image.smoothing = true;
  imageContainer.addChild(e.target.loader);
  As you can tell, the reason why I want to access the Bitmap
  itself is to apply smoothing. That is my main concern, I want to be
  able to apply smooth transitions to these pictures that are loaded
  in from external sites. My main goal is to load images externally,
  then apply smooth transitions, so if you know of a way to get
  around the security violations, that would be great. The only
  work-around we have for this is to write a script that will load
  all the images from the external sites onto the local server, as
  this will be less work than getting the cross-domain policy file on
  each server (if that's what it takes). Thanks in advance for
  anybody who can shed some light on the subject.

  If I understand you correctly, a 'helper' swf would be on the
  site where the images are held, much like a cross-domain policy
  file? I don't understand how that would be much different than
  getting the external sites to add a cross-domain policy file on
  their server. It sounds easier to just throw the cross-domain
  policy file on the external site's server with '*' for the path of
  allowed directories to load images from. I'm pretty new to the
  cross-domain security issue, so I'm not sure. I don't understand
  why it's a security risk to access the pixels of an image either...
  anybody know about that? Just trying to figure out where to go from
  here on this project. Thanks for the reply GWD, still looking for
  some more feedback.

• Load XML file from addon domain without cross-domain Policy file

  Hello.
  Assuming that there are two addon domains on the same server: /public_html/domain1.com       and      /public_html/domain2.com
  I try to load XML file from domain2.com into domain1.com without using cross-domain policy file (since it doesn’t work on xml files in my case).
  So the idea is to use php file in order to load XML and read it back to flash.
  I’ve found an interesting scripts that seems to do the job but unfortunately I can't get it to work. In my opinion there is somewhere problem with AS3 part. Please take a look.
  Here are the AS3/PHP scripts:
  AS3 (.swf in www.domain1.com):
  // location of the xml that you would like to load, full http address
  var xmlLoc:String = "http://www.domain2.com/MyFile.xml";
  // location of the php xml grabber file, in relation to the .swf
  var phpLoc:String = "loadXML.php";
  var xml:XML;
  var loader:URLLoader = new URLLoader();
  var request:URLRequest = new URLRequest(phpLoc+"?location="+escape(xmlLoc) );
  loader.addEventListener(Event.COMPLETE, onXMLLoaded);
  loader.addEventListener(IOErrorEvent.IO_ERROR, onIOErrorHandler);
  loader.load(request);
  function onIOErrorHandler(e:IOErrorEvent):void {
      trace("There was an error with the xml file "+e);
  function onXMLLoaded(e:Event):void {
      trace("the rss feed has been loaded");
      xml = new XML(loader.data);
      // set to string, since it is passed back from php as an object
      xml = XML(xml.toString());
      xml_txt.text = xml;
  PHP (loadXML.php in www.domain1.com):
  <?php
  header("Content-type: text/xml");
  $location = "";
  if(isset($_GET["location"])) {
      $location = $_GET["location"];
      $location = urldecode($location);
  $xml_string = getData($location);
  // pass the url encoded vars back to Flash
  echo $xml_string;
  //cURLs a URL and returns it
  function getData($query) {
      // create curl resource
      $ch = curl_init();
      // cURL url
      curl_setopt($ch, CURLOPT_URL, $query);
      //Set some necessary params for using CURL
      curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
     //Execute the curl function, and decode the returned JSON data
      $result = curl_exec($ch);
      return $result;
      // close curl resource to free up system resources
      curl_close($ch);
  ?>

  I think you might be right about permissions/settings on the server for php. Unfortunately I'm not allowed to adjust them.
  So I wrote my own script - this time I used file path instead of http address of the XML file.  It works fine in my case.
  Here it is:
  XML file on domain2.com:
  <?xml version="1.0" encoding="UTF-8"?>
  <gallery>
      <image imagePath="galleries/gallery_1/images/1.jpg" thumbPath="galleries/gallery_1/thumbs/1.jpg" file_name= "1"> </image>
      <image imagePath="galleries/gallery_1/images/2.jpg" thumbPath="galleries/gallery_1/thumbs/2.jpg" file_name= "2"> </image>
      <image imagePath="galleries/gallery_1/images/3.jpg" thumbPath="galleries/gallery_1/thumbs/3.jpg" file_name= "3"> </image>
  </gallery>
  swf  on domain1.com:
  var imagesXML:XML;
  var variables:URLVariables = new URLVariables();
  var varURL:URLRequest = new URLRequest("MyPHPfile.php");
  varURL.method = URLRequestMethod.POST;
  varURL.data = variables;
  var MyLoader:URLLoader = new URLLoader;
  MyLoader.dataFormat =URLLoaderDataFormat.VARIABLES;
  MyLoader.addEventListener(Event.COMPLETE, XMLDone);
  MyLoader.load(varURL);
  function XMLDone(event:Event):void {
      var imported_XML:Object = event.target.data.imported_XML;
      imagesXML = new XML(imported_XML);
     MyTextfield_1.text = imagesXML;
     MyTextfield_2.text = imagesXML.image[0].attribute("thumbPath");  // sample reference to attribute "thumbPath" of the first element
  php file on domain1.com:
  <?php
  $xml_file = simplexml_load_file('../../domain2.com/galleries/gallery_1/MyXMLfile.xml');  // directory to XML file on the same server
  $imported_XML = $xml_file->asXML();
  print "imported_XML=" . $imported_XML;
  ?>
  Regards
  PS: for those who read the above discussion: the first and the second script work but you must test which one is better in your situation. The first script will also work between two domains on different servers. No cross domain policy file needed.

• Cross domain policy issues

  I am attempting to communicate with a web service via flash
  across sub domains. All works fine and dandy on my local machine,
  but when i upload to my web server there is no communication across
  the domains. The way the servers are configured, i don't have
  access to the root of the domain to place the crossdomain.xml in
  the default location, so i have it in the folder next to the web
  service and link to it directly shown below. I have this line on
  the first frame of the first layer of my file
  quote:
  System.security.loadPolicyFile("MYDOMAIN/StudentConnect2Apply/crossdomain.xml");
  The server containing the flash file is insecure and the web
  service is secure (https). this is what my crossdomain.xml file
  looks like:
  quote:
  <cross-domain-policy>
  <allow-access-from domain="*.MYDOMAIN.net"
  secure="false"/>
  </cross-domain-policy>
  I have also enabled logging within my flash player to track
  down problems, when i initially load the page in the browser, it
  approves the policy file:
  quote:
  OK: Policy file accepted:
  https://MYDOMAIN/StudentConnect2Apply/crossdomain.xml
  But after submitting the form and attempting to interact with
  the web service, i get an error saying permission is denied due to
  lack of policy file permissions and
  quote:
  Warning: Failed to load policy file from
  MYDOMAIN/crossdomain.xml
  It is looking in the root of the domain after i defined and
  it accepted the overridden location. Is there another way to define
  where the crossdomain.xml file is located that i am missing,
  possibly in the web service settings somewhere?

  I have found my answer, thanks to another forum.
  Meta-Cross Domain Policies.
  http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_03.html
  Basically I can now say "f*ck you adobe. I as a college
  student who likes to host things on my 150 MB of server space can
  no longer host XML formatted levels for games I write. Because I am
  not the administrator of the server and will never be able to
  convince the administrator to let me have the MCDP file allow my
  flash file to load it's levels."
  F*ck you Adobe, F*ck You.

• Error 2170 in Cross Domain Policy deployed in Enterprise Portal

  Hi All,
  We are facing an Error # 2170 for the Cross Domain Policy in Enterprise Portal.
  We developed the dashboard using 2 web service connections (using ECC Remote Enabled Functon Module). The Web services were made Public so that they can be accessed from any network. We developed the dashboard using the public enabled webservices and exported to the SWF file which is working fine.
  But when we place the dashboard SWF file in the Enterprise portal it gives the error " Cross Domain Policy Error #2170" .
  We Placed the Cross domain Policy file in ECC Server in the root directory and placed the same in Enterprise portal C drive.
  But still it shows the same error when we preview the dashboard in Enterprise Portal.
  The Cross Domain Policy File that we are using is as follows:
  -<cross-domain-policy> <site-control permitted-cross-domain-policies="all"/>
              <allow-access-from secure="false" to-ports="" domain=""/>
             <allow-http-request-headers-from secure="false" domain="" headers=""/>
             <allow-https-request-headers-from secure="false" domain="" headers=""/>
  </cross-domain-policy>
  Please let us know if the cross doamin file is correctly coded and suggest us with suitable solutions for this problem. Also let us know if there is some alternative solution to this issue.
  Thanks,
  Malla Reddy D

  Hello Malla,
  Maybe SAP Note 1240810 helps... Anyway, I would say that if your issue is with the direct SAP NW BI connection, through BICS, the only file which is relevant is bicsremotecrossdomain.xml, which should be located on your server HTTP root.
  Another check you can perform is if you have both portal certificate entries as per SAP Note 1508663.
  Kind Regards,
  Marcio

• I am developing a flex web application which needs to access Other domain ,is there any other way other than cross domain policy available ? please help

  i am developing a flex web application which needs to access Other domain (Payment Gateway API),is there any other way other than cross domain policy available ? please help.
  we donot have access other domain thats why we want other solution..

  All the paths to CFCs are the same in my live production site.  Can you be more specific as to what you mean by "RemoteClass aliases in your AS Classes and CFCs (if any) are correct."?  How will the app know that the CFC is on http://myLiveSite.com instead of http://myDevSite.com?  The only line of code that I have noticed that points to a URL is the endpoint in a file called _Super_XXX.as.  And at the top of that file it says that the file is not meant for editting.
  To clarify...I see your app/code all exists on a server access via a web browser so I can understand that everything still works when deployed.  Mine is a mobile app so when I am developing and testing on my local computer the URL points to my local development machine.  However when I deploy it to a mobile device like a tablet and run the app, it needs to be able to access a cfc on a remote server via a different URL ie. my http://myLiveSite.com/myCFC.cfc instead of http://localhost/myCFC.cfc
  Thanks for your help!  I will now take a look at your thread.
  Message was edited by: ace0215

• Using Microsoft Security Essential as Enterprise security solution and deploy via domain policy

  hi, All,
  I am trying to deploy Microsoft Security Essential in a enterprise via domain policy, and met following questions ,Would anyone help?
  1. Is Microsoft Security Essential the right choice for enterprise security protection solution and if Security essential will cover enterprise security scenario in future? It seems Microsoft had Forefront Endpoint Protection as enterprise security
  solution but it was deprecated.   While, Security Essential is mainly target for consumers.
  2. I can extract msi from setup.exe, but is there an official MSI version of Security Essential? Is there any document about the MSI parameters? 
  3. Is there a domain policy template(admx) for Security Essential?
  4. As Security Essential has x86 and x64 versions. and it has built-in in win8. How would I make sure
           x86 computers install x86 msi of security essential.
           x64 computers install x64 msi of securit yessential.
          win8,win8.1 computers ignore the installation request.
          through  Group Policy Editor > Computer Configuration > Software Settings > Software Installation > New > Package

  Hi
  You are correct, Microsoft Security Essential is not for Enterprise use.
  Technical you can deploy it but its hard to manage central.
  Microsoft Enterprise solution for antimalware is System Center 2012 Endpoint Protection which is included in System Center 2012 Configuration Manager.

• Double vertical spry menus and IE8

  I am trying to use two vertical spry menus on one page.  This works in Chrome and Firefox, but the fly outs will not work in IE8.  I am using Dreamweaver CS4, Operating System is XP Pro.  Is there a fix for this issue?  Bushmom

  I am trying to use two vertical spry menus on one page.  This works in Chrome and Firefox, but the fly outs will not work in IE8.  I am using Dreamweaver CS4, Operating System is XP Pro.  Is there a fix for this issue?  Bushmom

• Cross-Domain Policy File

  I just made an IRC client for Android + iOS, and now I'm having issues porting it to the browser.  I've built flash games where the server hosts the Policy Domain File, obviously with an IRC client that's not going to happen in all instances.
  I'm wondering why the browser version can run perfectly fine under CS6's debug mode, but when it's been deployed to the browser it can't seem to connect?  What settings would I have to do [if at all possible] to replicate this debug mode [in CS6] inside the browser?
  Thanks!

  In the browser, are you running it via Flash Player or are you making an AIR for web app?
  The browser is the strictest sandbox Flash can run in. The infamous #2048 is a generic security violation. You're doing something your current sandbox doesn't allow. The most obvious thing to verify is on the SWF output settings make sure your sandbox is set to access network files, not access local files. Otherwise you'll get that error.
  Outside that it's going to be looking for a socket policy file. I won't even get into creating these because your endpoint is an IRC server. Unless you're running your own IRC server you're not going to get some IRC server host to install a socket policy file for you so that point is moot. Without the socket policy file you're in some tough territory that will require some advanced debugging.
  My suggestion would be to get Fiddler so you can actually see the request and response packets being sent to and from Flash inside your browser. You will definitely see Flash make a request and the response will give you clues on what's happening just before you receive the #2048 security error. You may see it request the policy file and then the server returns nothing or an invalid response and then Flash gives you the error. If that happens you may be out of luck.
  Here's fiddler (I'd update your .NET to the latest and use V4 instead of V2):
  http://www.fiddler2.com/fiddler2/version.asp
  Here's another Adobe post of someone having a #2048 error while using fiddler to diagnose it:
  http://forums.adobe.com/message/4668901#4668901
  The fiddler site has some documentation. It's a pretty great tool for analyzing packet traffic (using the "select process" target will limit the packets to a browser you select (or any other app)). You may need to enable decrypting HTTPS traffic if you're using a SecureSocket. There's all instructions there on helping you diagnose and watch the inner workings of all requests/responses to track down the issue quickly.
  Lastly I would uninstall Fiddler after you're done with it and reinstall it later when you need it. Especially if you enable HTTPS decryption. It must install some fake certificates to allow itself to intercept traffic. You'll just clutter up your certificates with junk certs if you keep fiddler installed. It's a very quick install/uninstall and the software itself is very widely used and regarded. It's not a trust thing, it's a cleanliness thing.

• Third-party JS Libraries and XHR cross-domain requests

  Hello,
  I am running into issues while developping a Windows Store app implementing the Jabber javascript SDK. This jquery-based SDK allows you to connect to a Cisco communication server to send/receive messages between users and share presence states. 
  The problems I am having is that the SDK attempts to send a request (for the connection) to the communication server using XHR javascript function and Visual Studio throws me an Javascript Access Denied error that I can't get passed even trying to add the
  URL of the server in the whitelist manifest (because it is not an HTTPS uri and the manifest won't take the HTTP uri).
  What would you suggest to perform what I am trying to do within a Windows 8 Store app? How come I cannot add an HTTP uri into the manifest whitelist? Have you already had to deal with the Jabber SDK in such an environment?
  Thank you very much for your help,
  Kind regards.

  Hi Clement,
  This issue may caused by the compatibility between store app and Jabber javascript SDK. Since Jabber is a third-party library and it is out of our support range. I would recommend you post this question on Jabber discussion forum.
  https://communities.cisco.com/community/developer/collaboration/jabber/content?filterID=contentstatus[published]~objecttype~objecttype[thread].
  I also found some similar question about access deny using js. Please refer to see if it help.
  http://stackoverflow.com/questions/14224637/access-is-denied-error-in-windows-store-app-using-javascript
  https://social.msdn.microsoft.com/Forums/windowsapps/en-US/2bf40c11-0b2f-4c99-bed4-2cc80a4eed6b/access-denied-when-call-xmlhttprequestopen-in-the-iframe?forum=winappswithhtml5
  regards,
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. Click HERE to participate
  the survey.

• Xml Socket  policy to connect to a range of IPS cross domain scripting

  Dear,
  I have a problem with connecting to other servers rather the
  one who has served the swf file.
  i was facing the problem even on the same machine , so i have
  provided the policy file , to be served before opening the
  connection, and it works, but still in IE6 i was just skiping the
  requset-policy-file that is sent by the movie and it works, rather
  the other browsers didn't like this way. At that time i have
  written the code to check for the header , and send back the policy
  file.
  the policy file that i am using is the following:
  PolicyFile = @"<?xml
  version=""1.0""?><cross-domain-policy><allow-access-from
  domain=""192.168.1.100"" to-ports=""843""
  /><allow-access-from domain=""192.168.1.101""
  to-ports=""843"" /></cross-domain-policy>";
  My hope is to be able to connect to 192.168.1.101:843 , and
  my server web is the other ip .
  Best regerds

  Hi, go to
  Flash Resources , you can
  find a java application that can serve policy files to resolve this
  problem.

• Problem with socket cross domain

  Hi guys,
  This is my cross domain file:
  <?xml version="1.0"?>
  <!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
  <!-- Policy file for xmlsocket://socks.example.com -->
  <cross-domain-policy>
     <site-control permitted-cross-domain-policies="*"/>
     <allow-access-from domain="localhost" to-ports="80" />
  </cross-domain-policy>
  I am placing it in my server.
  From flex i am running this:
  Security.loadPolicyFile("my server address");
  And yet I am getting this event:
  SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2048"
  What can I do?

  Hello ILikeMyScreenNameNdCoffee,
  I had the same problem with XMLSocket and I used a policy server that runs
  on the remote server on port 843 and from Flex I load file before connecting
  the xmlsocket Security.loadPolicyFile("my server address:843"). If you want
  I can upload a version of my policy server or you can use the server policy
  from here
  http://www.broculos.net/tutorials/how_to_make_a_multi_client_flash_java_server/20080320/en
  Also you can read here more about file policy:
  http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_04.html.
  On Thu, Aug 19, 2010 at 5:40 PM, ILikeMyScreenNameNdCoffee <[email protected]

• Cross Domain error for Silverlight + MVC application with self hosted WCF service on azure

  Hi,
  We are migrating existing Silverlight application to MVC; existing Silverlight application is hosted on
  Azure which is consuming self-hosted WCF service. For authentication we have implemented
  ADFS with WIF (passive). The cloud service (<myWebSite>.cloudapp.net) is C Name to (<myWebSite>.<myDomain>.com) and we 
  are consuming  WCF service at <myWebSite>.cloudapp.net/<myService>.svc, as we were getting “Cross Domain” error so we have added “clientaccesspolicy.xml” at the root of “WEB ROLE”.
  Existing Silverlight application works fine but the problem occurred when we deploy our migrated application to the same cloud service. We are getting a “Cross Domain” error.
  The same migrated application works fine on UAT environment, the only difference is UAT environment is
  without ADFS WIF implementation.
  Migrated application is half Silverlight and half MVC with initial landing page is Silverlight. MVC web role is used to host the service i.e. .SVC . To go to SL landing page , redirected from home controller. Following is being observed in fiddler for this
  application
  Existing Silverlight application -
  After authentication with ADFS it redirect to Silverlight landing page.
  Before calling service method it looks for “clientaccesspolicy.xml”
  In response header we are getting the content of “clientaccesspolicy.xml”
  And after this everything works fine
  Migrated Silverlight-MVC application –
  After authentication with ADFS it redirects to “HomeController” and from there we are redirecting to Silverlight landing page.
  Before calling service method it looks for “clientaccesspolicy.xml”
  In response header we are getting  following content - “https://federation-sts.<myDomain>.com/adfs/ls/?wa=wsignin1.0&amp;
  wtrealm=https%3a%2f%2f<myWebSite>.<myDomain>.com&amp;
  wctx=rm%3d0%26id%3dpassive%26ru%3d%252fclientaccesspolicy.xml&amp;wct=2014-03-17T10%3a36%3a04Z”
  4.Throw “Cross Domain” error.
  Also we have added filter in
  RouteConfig
  for .xml file
  routes.IgnoreRoute("{*allxml}",
  new { allxml = @".*\.xml(/.*)?" });
  NOTE: There is no configuration change apart from MVC configuration.
  We have done RDP to web role and found that “clientaccesspiolicy.xml” is present at “E:\approot” location and it is also accessible at “https://<myWebSite>.<myDomain>.com/clientaccesspolicy.xml”.
  Please help
  Thanks,
  Rahul P

  Hi,
  Please try to configure the cross domain policy file to allow public read access (that is, access it without federation requirement), make sure you can access the address
  http://something/clientaccesspiolicy.xml directly in a browser
  without redirecting to check whether the cross domain policy file could be anonymous accessed (Please start a new browser session and make sure you're
  not logged in. Then test the cross domain policy file.).
  Best Regards,
  Ming Xu
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Cross Domain XML not working

  Greetings,
  I recently obtained two different domains that point to a subdirectory of another domain server. The swf file I created does not show up when I use the domains that are pointing to the subdirectory of the original domain.
  I placed an xml file into the root directory that contains the following code:
  <?xml version="1.0"?>
  <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
  <cross-domain-policy>
      <allow-access-from domain="*.newdomainname1.com"/>
      <allow-access-from domain="*.newdomainame2.com"/>
  </cross-domain-policy>
  Nothing shows up. Is there something else I need to do make this work? I created the swf file using CS3 - Action Script 2. I tried searching everywhere to see if I'm missing a step, but cannot find anything. Any help would be greatly appreciated.

  I'm still not entirely clear what the problem is.
  Those links to the other domain show 404 errors, which is related to how things are set up on your hosting server for those domains, and nothing to do with flash.
  Are you trying to get the swf at http://www.searecovery.com/ to load data from the other domains? (I can't see it trying to do that, so perhaps not)
  If so you need to add *.searecovery.com to the crossdomain files at the other domains.
  Crossdomain files give flash content (swfs) hosted at one domain access to load data (or grant access to the data of loaded assets) from another domain.
  So you need crossdomain permission if you want a swf hosted at www.danfoss-searecovery.com to load xml data from www.danfosssearecovery.com for example, or to get at the bitmapdata of jpgs loaded from www.danfosssearecovery.com.
  If you just want to host the swf at the other domain, and if it's not loading data from external domains, then you pretty much just need to move copies of the html and swf there along with any external assets it loads (so long as you have used relative urls for loaded assets from within the swf) . If that's what you're trying to do then the issue here is likely to be simply how your hosting environment is set up for the other domains.

• Is it possible to have a different cross domain for subsites

  Hi,
  I am not sure weather it is achievable or not. Can someone help me here please?
  I want to deploy more than one cross domain policy in the farm. Let suppose, www.mysite.com/crossdomain.xml(master- permission for complete site including all subsite.)
  www.mysite.com/site1/crossdomain.xml (Permission just for site1)
  www.mysite.com/crossdomain.xml (Permission jus for site 2)
  And so on.
  Many Thanks
  Manan

  Hi Yammer,
  Apologies if I have posted the question in a wrong section.
  Is it possible for you to point me to the correct section.
  Regards
  Manan