I have a web service running in http://server/abc/service which is being accessed by Flash from a different domain. I deployed a cross domain policy file to http://server/abc/crossdomain.xml and made the Flash load it using:

 flash.system.Security.loadPolicyFile("http://server/abc/crossdomain.xml");

in the constructor of the main movie clip. However, when the Flash starts, it requests and loads this file (observed in Firebug), but then it also requests it from the root of the server (i.e. from http://server/crossdomain.xml), which does not exist. Subsequent HTTP requests don't work, reporting security cross domain errors. When I put the policy file in the root of the server, it all works.

Why does it request the policy file from the root as well, even though it loads it from the subdirectory? Why is the subdirectory policy file not enough?

I should also note that the two policy files are loaded before any application HTTP requests are issued.

+1  A: 

I think it has to verify that the master policy file allows the alternate policy file to set permissions.

Here's an interesting article with this little tidbit:

"If a client is instructed to use a policy file in a location other than that of the master policy file, the client must first check the meta-policy of the master policy file to determine if the original policy file is allowed."

JStriedl
+1 Thank you for the link. I must admit I have not read the cross domain policy file specification. I read just the Flash help which I think does not mention it.
Jan Zich
+1  A: 

A policy file has to be in the root Web directory on the server. That's to ensure that someone who perhaps controls a sub-folder on the server can't run a policy that the "official" site (e.g., the root) doesn't support.

Brian
+1 Thanks, it actually makes a lot of sense.
Jan Zich
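
The meta-policy check that both answers describe, as an added example that is not part of the original thread: it decides whether a policy file outside the root may grant permissions, and which request paths it would cover. The function names are hypothetical, the `site-control` values are those of Adobe's cross-domain policy specification, and the "master-only" default for a missing master file is an assumption that matches the behaviour reported in the question.

```python
import posixpath
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumption: with no master policy file, or no <site-control> element in it,
# the client acts as if the meta-policy were "master-only" (this matches the
# behaviour reported in the question).
DEFAULT_META_POLICY = "master-only"

def meta_policy(master_xml):
    """Meta-policy declared by /crossdomain.xml (master_xml=None: file missing)."""
    if master_xml is None:
        return DEFAULT_META_POLICY
    try:
        node = ET.fromstring(master_xml).find("site-control")
    except ET.ParseError:
        return "none"  # this example's choice: fail closed on malformed XML
    if node is None:
        return DEFAULT_META_POLICY
    return node.get("permitted-cross-domain-policies", DEFAULT_META_POLICY)

def honors_policy_file(policy_url, master_xml, content_type=""):
    """True if a policy file at policy_url is allowed to grant permissions."""
    url, mp = urlsplit(policy_url), meta_policy(master_xml)
    if url.path == "/crossdomain.xml":  # the master policy file itself
        return mp != "none"
    if mp == "all":
        return True
    if mp == "by-content-type":  # HTTP(S): must be served with the policy MIME type
        return content_type.split(";")[0].strip().lower() == "text/x-cross-domain-policy"
    if mp == "by-ftp-filename":  # FTP: file must be named crossdomain.xml
        return url.scheme == "ftp" and posixpath.basename(url.path) == "crossdomain.xml"
    return False  # "none", "master-only", or an unrecognised value

def covers(policy_url, request_url):
    """A policy file only covers its own directory and the paths below it."""
    p, r = urlsplit(policy_url), urlsplit(request_url)
    base = posixpath.dirname(p.path).rstrip("/") + "/"
    target = posixpath.normpath(r.path or "/") + "/"
    return (p.scheme, p.netloc) == (r.scheme, r.netloc) and target.startswith(base)

# Constructed sample: a master policy that delegates to policy files anywhere.
MASTER_ALL = ('<cross-domain-policy>'
              '<site-control permitted-cross-domain-policies="all"/>'
              '</cross-domain-policy>')

if __name__ == "__main__":
    sub = "http://server/abc/crossdomain.xml"
    print(honors_policy_file(sub, None), honors_policy_file(sub, MASTER_ALL))
```

With no master file at the root, the subdirectory policy file is not honored, which is the situation in the question; a master file declaring `all` or `by-content-type` is what lets the root delegate to it.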